Bug#1001062: marked as done (freerdp2: CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Thu, 09 Dec 2021 22:34:15 +0000
with message-id <E1mvRzT-0008A7-Bn@fasolo.debian.org>
and subject line Bug#1001062: fixed in freerdp2 2.4.1+dfsg1-1
has caused the Debian Bug report #1001062,
regarding freerdp2: CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1001062: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001062
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: freerdp2: CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Fri, 03 Dec 2021 13:42:43 +0100
• Message-id: <[🔎] 163853536397.1675521.18076339810655917876.reportbug@eldamar.lan>

Source: freerdp2
Version: 2.3.0+dfsg1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for freerdp2.

CVE-2021-41160[0]:
| FreeRDP is a free implementation of the Remote Desktop Protocol (RDP),
| released under the Apache license. In affected versions a malicious
| server might trigger out of bound writes in a connected client.
| Connections using GDI or SurfaceCommands to send graphics updates to
| the client might send `0` width/height or out of bound rectangles to
| trigger out of bound writes. With `0` width or heigth the memory
| allocation will be `0` but the missing bounds checks allow writing to
| the pointer at this (not allocated) region. This issue has been
| patched in FreeRDP 2.4.1.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-41160
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41160
[1] https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 1001062-close@bugs.debian.org
• Subject: Bug#1001062: fixed in freerdp2 2.4.1+dfsg1-1
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Thu, 09 Dec 2021 22:34:15 +0000
• Message-id: <E1mvRzT-0008A7-Bn@fasolo.debian.org>
• Reply-to: Mike Gabriel <sunweaver@debian.org>

Source: freerdp2
Source-Version: 2.4.1+dfsg1-1
Done: Mike Gabriel <sunweaver@debian.org>

We believe that the bug you reported is fixed in the latest version of
freerdp2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1001062@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated freerdp2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 09 Dec 2021 23:16:59 +0100
Source: freerdp2
Architecture: source
Version: 2.4.1+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 999727 1001061 1001062
Changes:
 freerdp2 (2.4.1+dfsg1-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #999727).
     - CVE-2021-41160: Fix improper region checks in all clients that allowed
       out of bound write to memory. (Closes: #1001062).
     - CVE-2021-41159: Fix improper client input validation for gateway
       connections that allowed one to overwrite memory. (Closes: #1001061).
   * debian/patches/:
     + Drop all patches pulled in from upstream recently. All part of 2.4.0.
   * debian/copyright:
     + Update auto-generated copyright.in template/reference file.
   * debian/control:
     + Bump Standards-Version: to 4.6.0. No changes needed.
   * debian/libwinpr2-2.symbols:
     + Update symbols.
   * debian/copyright:
     + Update copyright attributions.
     + Update auto-generated copyright.in reference file.
Checksums-Sha1:
 fc55031ac1d93b40f909bca82ab2919083f9a5c7 3553 freerdp2_2.4.1+dfsg1-1.dsc
 413937224cec9bab9109dc9ca787bc2dbc822691 2234912 freerdp2_2.4.1+dfsg1.orig.tar.xz
 4b5072736f5ee47159f064f45c4bc121453d97dd 43764 freerdp2_2.4.1+dfsg1-1.debian.tar.xz
 91193fc4fb11b5f8e5630118b02fd2d3e78506e8 12095 freerdp2_2.4.1+dfsg1-1_source.buildinfo
Checksums-Sha256:
 6a8e0cecc0fd0459579f134bbff44caefad4b09ac9603a7d21e2f3e40e9f0440 3553 freerdp2_2.4.1+dfsg1-1.dsc
 a92156964362ffd19a84e80fae33dc089fb30ec5fd5dafe12a8432eb2d43356f 2234912 freerdp2_2.4.1+dfsg1.orig.tar.xz
 66ab1266345496b5f04ec2440d5e25fb0712cec20c592af2a003eb54bb69fdfd 43764 freerdp2_2.4.1+dfsg1-1.debian.tar.xz
 7bc8d821456d3ac522dfbfe0f4154955d9344287701552a3ba15b15c80095c8a 12095 freerdp2_2.4.1+dfsg1-1_source.buildinfo
Files:
 315a6c44c23638da2d9a6794736b2f58 3553 x11 optional freerdp2_2.4.1+dfsg1-1.dsc
 b5c91d587c295300967bcab477d50e26 2234912 x11 optional freerdp2_2.4.1+dfsg1.orig.tar.xz
 d84e098797b7ec28ef1673d5d29a6cf5 43764 x11 optional freerdp2_2.4.1+dfsg1-1.debian.tar.xz
 3ad8a9f4153678eed485067e1fefda67 12095 x11 optional freerdp2_2.4.1+dfsg1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmGygZUVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxcd4P/2VK1NMZEjstfVk+GtnHCdT+oM6c
nrjD8bMi3mOaioEblZ7K78GSToe/H5WqfNyZZi9M8taLfJGk6yahDg6HyICq6JY0
ASNGPD/R3W1xao57CsOzl+M1rH+6i6mGwtq6meXBGdweOWo6Aj5cg9mUBH90nYMq
ZjbVlmbyRxa0FzQ4OrzuzITfjFTCNRulVnJXe58GswHfTAl7OB8ugVlDe048YtUm
60qD4voZYvk0B+YccuVJO5xcutCoya5qIORW+UhrMF4rsL6Jg9XhHTj2OGC1e1DC
HWn/Qv3znFebZg/EJ4vtGoCNj/Z+7jYh/ZwozI440vQwDggziTJ7ptGLmdt6b/Ov
KPqrGFuYpV8b/8EIm/dUZ8WaJvuJBkHWMaGcFNuWIigQ6ILNcjEc436+hqyY+rH2
a2hL2r8SzyQJosqKY8m3pgFX6823Z7WwPUB6JHFBlOj9p7WAhV2NfeBREvzc2uZh
kyudWRmAL1YkWXzvD9PbJfc0ikScNvddTj8J7ksQerYa6po/JkVEy8UvzzQsR+BR
CrD+Zm4ARHS97X1MpEwIciwnBRZANIq/fb8nn6Ukdb7l6b/3NCM43E8o7TM0lN56
cnuqlxW0dgv9CXKsyU8bet7B8cN4aT5fCRKhJ9ReMwiBcgMZ+epe6VE898gcjXpF
vxRdbvsjg8xFgQ2p
=CXiG
-----END PGP SIGNATURE-----

--- End Message ---