Attachment #239001 for bug #268539

View | Details | Raw Unified | Return to bug 268539 | Differences between
Collapse All | Expand All




  <vuln vid="1f0421b1-8398-11ed-973d-002b67dfc673">
    <topic>freerdp -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>freerdp</name>
	<range><lt>2.9.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>FreeRDP reports:</p>
	<blockquote cite="https://www.freerdp.com/2022/11/16/2_9_0-release">
	  <p>GHSA-5w4j-mrrh-jjrm: Out of bound read in zgfx decoder.</p>
	  <p>GHSA-99cm-4gw7-c8jh: Undefined behaviour in zgfx decoder.</p>
	  <p>GHSA-387j-8j96-7q35: Division by zero in urbdrc channel.</p>
	  <p>GHSA-mvxm-wfj2-5fvh: Missing length validation in urbdrc channel.</p>
	  <p>GHSA-qfq2-82qr-7f4j: Heap buffer overflow in urbdrc channel.</p>
	  <p>GHSA-c5xq-8v35-pffg: Missing path sanitation with `drive` channel.</p>
	  <p>GHSA-pmv3-wpw4-pw5h: Missing input length validation in `drive` channel.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-39316</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-39316</url>
      <cvename>CVE-2022-39317</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-39317</url>
      <cvename>CVE-2022-39318</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-39318</url>
      <cvename>CVE-2022-39319</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-39319</url>
      <cvename>CVE-2022-39320</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-39320</url>
      <cvename>CVE-2022-39347</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-39347</url>
      <cvename>CVE-2022-41877</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-41877</url>
    </references>
    <dates>
      <discovery>2022-12-24</discovery>
      <entry>2022-12-24</entry>
    </dates>
  </vuln>

  <vuln vid="d0da046a-81e6-11ed-96ca-0800277bb8a8">
    <topic>gitea -- multiple issues</topic>
    <affects>

Return to bug 268539

Lines 1-3 Link Here

(-)b/security/vuxml/vuln/2022.xml (+44 lines)
		1	<vuln vid="1f0421b1-8398-11ed-973d-002b67dfc673">
		2	<topic>freerdp -- multiple vulnerabilities</topic>
		3	<affects>
		4	<package>
		5	<name>freerdp</name>
		6	<range><lt>2.9.0</lt></range>
		7	</package>
		8	</affects>
		9	<description>
		10	<body xmlns="http://www.w3.org/1999/xhtml">
		11	<p>FreeRDP reports:</p>
		12	<blockquote cite="https://www.freerdp.com/2022/11/16/2_9_0-release">
		13	<p>GHSA-5w4j-mrrh-jjrm: Out of bound read in zgfx decoder.</p>
		14	<p>GHSA-99cm-4gw7-c8jh: Undefined behaviour in zgfx decoder.</p>
		15	<p>GHSA-387j-8j96-7q35: Division by zero in urbdrc channel.</p>
		16	<p>GHSA-mvxm-wfj2-5fvh: Missing length validation in urbdrc channel.</p>
		17	<p>GHSA-qfq2-82qr-7f4j: Heap buffer overflow in urbdrc channel.</p>
		18	<p>GHSA-c5xq-8v35-pffg: Missing path sanitation with `drive` channel.</p>
		19	<p>GHSA-pmv3-wpw4-pw5h: Missing input length validation in `drive` channel.</p>
		20	</blockquote>
		21	</body>
		22	</description>
		23	<references>
		24	<cvename>CVE-2022-39316</cvename>
		25	<url>https://nvd.nist.gov/vuln/detail/CVE-2022-39316</url>
		26	<cvename>CVE-2022-39317</cvename>
		27	<url>https://nvd.nist.gov/vuln/detail/CVE-2022-39317</url>
		28	<cvename>CVE-2022-39318</cvename>
		29	<url>https://nvd.nist.gov/vuln/detail/CVE-2022-39318</url>
		30	<cvename>CVE-2022-39319</cvename>
		31	<url>https://nvd.nist.gov/vuln/detail/CVE-2022-39319</url>
		32	<cvename>CVE-2022-39320</cvename>
		33	<url>https://nvd.nist.gov/vuln/detail/CVE-2022-39320</url>
		34	<cvename>CVE-2022-39347</cvename>
		35	<url>https://nvd.nist.gov/vuln/detail/CVE-2022-39347</url>
		36	<cvename>CVE-2022-41877</cvename>
		37	<url>https://nvd.nist.gov/vuln/detail/CVE-2022-41877</url>
		38	</references>
		39	<dates>
		40	<discovery>2022-12-24</discovery>
		41	<entry>2022-12-24</entry>
		42	</dates>
		43	</vuln>
		44
1	<vuln vid="d0da046a-81e6-11ed-96ca-0800277bb8a8">	45	<vuln vid="d0da046a-81e6-11ed-96ca-0800277bb8a8">
2	<topic>gitea -- multiple issues</topic>	46	<topic>gitea -- multiple issues</topic>
3	<affects>	47	<affects>