Bug 672010 (CVE-2018-8784, CVE-2018-8785, CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789) - <net-misc/freerdp-2.0.0_rc4: multiple vulnerabilities (CVE-2018-{8784,8785,8786,8787,8788,8789})
Summary: <net-misc/freerdp-2.0.0_rc4: multiple vulnerabilities (CVE-2018-{8784,8785,87...
Status: RESOLVED FIXED
Alias: CVE-2018-8784, CVE-2018-8785, CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/FreeRDP/FreeRDP/pu...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: 672744
Blocks: CVE-2018-1000852
Reported: 2018-11-26 18:36 UTC by GLSAMaker/CVETool Bot
Modified: 2020-03-28 19:52 UTC

See Also:
Package list:
net-misc/freerdp-2.0.0_rc4
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2018-11-26 18:36:28 UTC
Incoming details.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-26 18:39:01 UTC
See https://github.com/FreeRDP/FreeRDP/pull/5031 for details.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-27 21:56:28 UTC
x86 stable
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-11-29 19:46:32 UTC
amd64 stable
Comment 4 Larry the Git Cow gentoo-dev 2018-11-30 11:13:01 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3695e0abe8edcee64f77ce0b8848e3fcf72e9326

commit 3695e0abe8edcee64f77ce0b8848e3fcf72e9326
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2018-11-30 11:12:34 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2018-11-30 11:12:34 +0000

    net-misc/freerdp-2.0.0_rc4-r0: alpha stable
    
    Bug: http://bugs.gentoo.org/672010
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 net-misc/freerdp/freerdp-2.0.0_rc4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2018-11-30 11:13:50 UTC
Stable on alpha.
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-12-07 12:54:18 UTC
arm stable
Comment 7 ernsteiswuerfel archtester 2018-12-08 12:41:47 UTC
Fails 2 tests on ppc. Regression over 2.0.0_rc2-r1 (see bug #672744).
Comment 8 Mike Gilbert gentoo-dev 2019-09-29 21:13:24 UTC
The ppc test failure should be resolved now.
Comment 9 ernsteiswuerfel archtester 2019-10-06 22:57:26 UTC
(In reply to Mike Gilbert from comment #8)
> The ppc test failure should be resolved now.
TestNTLM works now, but TestFreeRDPCodecInterleaved still fails:

159/186 Test #169: TestFreeRDPCodecInterleaved ..............***Failed    0.02 sec
Comment 10 Mike Gilbert gentoo-dev 2019-10-07 14:25:18 UTC
Did you report the other failure to upstream?
Comment 11 ernsteiswuerfel archtester 2019-10-07 15:50:03 UTC
(In reply to Mike Gilbert from comment #10)
> Did you report the other failure to upstream?
Yes, I reported both test failures in my upstream bug report:
https://github.com/FreeRDP/FreeRDP/issues/5250
Comment 12 Mike Gilbert gentoo-dev 2019-10-07 16:41:04 UTC
(In reply to ernsteiswuerfel from comment #11)

It appears the upstream issue got closed when one of the failures was fixed.

Please re-open the issue upstream, or report it as a separate issue.
Comment 13 Mike Gilbert gentoo-dev 2019-10-07 17:19:36 UTC
(In reply to Mike Gilbert from comment #12)
> (In reply to ernsteiswuerfel from comment #11)

Sorry, I didn't see there were 2 patches associated with that issue. Should be fixed now.
Comment 14 ernsteiswuerfel archtester 2019-10-08 00:40:57 UTC
(In reply to Mike Gilbert from comment #13)
> (In reply to Mike Gilbert from comment #12)
> > (In reply to ernsteiswuerfel from comment #11)
> 
> Sorry, I didn't see there were 2 patches associated with that issue. Should
> be fixed now.
No prob! All tests pass now.

The rest also looks good on ppc (blocked packages due to libressl).

# cat freerdp-672010.report 
USE tests started on Di 8. Okt 01:49:29 CEST 2019

FEATURES=' test' USE='' succeeded for =net-misc/freerdp-2.0.0_rc4
USE='X -alsa client cups doc -ffmpeg -gstreamer jpeg -libav -libressl -openh264 pulseaudio -server smartcard systemd usb -wayland -xinerama -xv' succeeded for =net-misc/freerdp-2.0.0_rc4
USE='X -alsa -client -cups doc ffmpeg gstreamer jpeg -libav libressl openh264 -pulseaudio -server smartcard -systemd -usb wayland xinerama -xv' : blocked packages (probably) for =net-misc/freerdp-2.0.0_rc4
USE='-X -alsa -client cups -doc ffmpeg gstreamer jpeg -libav -libressl -openh264 -pulseaudio -server -smartcard systemd -usb wayland xinerama -xv' succeeded for =net-misc/freerdp-2.0.0_rc4
USE='X -alsa client -cups doc -ffmpeg gstreamer -jpeg -libav -libressl -openh264 -pulseaudio server -smartcard systemd -usb wayland xinerama -xv' succeeded for =net-misc/freerdp-2.0.0_rc4
USE='-X alsa -client cups doc ffmpeg -gstreamer -jpeg -libav libressl -openh264 -pulseaudio server smartcard -systemd usb wayland xinerama -xv' : blocked packages (probably) for =net-misc/freerdp-2.0.0_rc4
USE='X -alsa client cups doc -ffmpeg gstreamer jpeg -libav -libressl openh264 pulseaudio -server -smartcard -systemd usb -wayland -xinerama xv' succeeded for =net-misc/freerdp-2.0.0_rc4
USE='X alsa client cups doc ffmpeg gstreamer jpeg -libav -libressl openh264 pulseaudio server -smartcard -systemd usb -wayland -xinerama xv' succeeded for =net-misc/freerdp-2.0.0_rc4
USE='-X -alsa -client -cups -doc -ffmpeg -gstreamer -jpeg -libav -libressl openh264 -pulseaudio -server smartcard systemd -usb wayland -xinerama xv' succeeded for =net-misc/freerdp-2.0.0_rc4
USE='-X -alsa -client cups doc -ffmpeg gstreamer -jpeg -libav libressl -openh264 -pulseaudio server smartcard systemd usb wayland -xinerama xv' : blocked packages (probably) for =net-misc/freerdp-2.0.0_rc4
USE='-X -alsa client cups doc -ffmpeg gstreamer -jpeg -libav libressl openh264 -pulseaudio server -smartcard -systemd -usb -wayland xinerama xv' : blocked packages (probably) for =net-misc/freerdp-2.0.0_rc4
USE='-X alsa -client cups -doc -ffmpeg -gstreamer jpeg -libav -libressl openh264 pulseaudio server -smartcard -systemd -usb -wayland xinerama xv' succeeded for =net-misc/freerdp-2.0.0_rc4
USE='-X -alsa -client -cups doc -ffmpeg gstreamer -jpeg -libav -libressl openh264 -pulseaudio -server -smartcard systemd -usb wayland xinerama xv' succeeded for =net-misc/freerdp-2.0.0_rc4

revdep tests started on Di 8. Okt 02:24:36 CEST 2019

FEATURES=' test' USE='rdp' succeeded for media-video/vlc
FEATURES=' test' USE='rdp' succeeded for net-analyzer/hydra
Comment 15 Agostino Sarubbo gentoo-dev 2019-10-09 08:12:21 UTC
ppc stable
Comment 16 Agostino Sarubbo gentoo-dev 2019-10-09 08:23:39 UTC
ppc64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 17 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-26 22:01:58 UTC
GLSA Vote: No!

@ maintainer(s): Please cleanup and drop =net-misc/freerdp-2.0.0_rc2-r1!
Comment 18 Larry the Git Cow gentoo-dev 2019-12-12 20:15:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08f2438131f86e39251efb3620668c776f9f4243

commit 08f2438131f86e39251efb3620668c776f9f4243
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2019-12-12 20:14:23 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-12-12 20:15:13 +0000

    net-misc/freerdp: remove old
    
    Bug: https://bugs.gentoo.org/672010
    Bug: https://bugs.gentoo.org/679416
    Package-Manager: Portage-2.3.80_p5, Repoman-2.3.19_p4
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 net-misc/freerdp/Manifest                         |   1 -
 net-misc/freerdp/files/2.0.0-rc2-primitives.patch |  41 --------
 net-misc/freerdp/freerdp-2.0.0_rc2-r1.ebuild      | 120 ----------------------
 3 files changed, 162 deletions(-)
Comment 19 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-28 19:52:49 UTC
Tree is clean, closing.