svn commit: r493578 - head/security/vuxml
Kurt Jaeger
pi at FreeBSD.org
Fri Feb 22 17:58:17 UTC 2019
Author: pi
Date: Fri Feb 22 17:58:16 2019
New Revision: 493578
URL: https://svnweb.freebsd.org/changeset/ports/493578
Log:
security/vuxml: dokument rdesktop < 1.8.4 vulnerabilities
PR: 235885, 229029
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Feb 22 17:38:57 2019 (r493577)
+++ head/security/vuxml/vuln.xml Fri Feb 22 17:58:16 2019 (r493578)
@@ -58,6 +58,92 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="3e2c9b63-223c-4575-af5c-816acb14e445">
+ <topic>rdesktop - critical - Remote Code Execution</topic>
+ <affects>
+ <package>
+ <name>rdesktop</name>
+ <range><lt>1.8.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <blockquote cite="https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4">
+ <ul>
+ <li>Fix memory corruption in process_bitmap_data - CVE-2018-8794
+ </li>
+ <li>Fix remote code execution in process_bitmap_data - CVE-2018-8795
+ </li>
+ <li>Fix remote code execution in process_plane - CVE-2018-8797
+ </li>
+ <li>Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
+ </li>
+ <li>Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
+ </li>
+ <li>Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
+ </li>
+ <li>Fix Denial of Service in sec_recv - CVE-2018-20176
+ </li>
+ <li>Fix minor information leak in rdpdr_process - CVE-2018-8791
+ </li>
+ <li>Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
+ </li>
+ <li>Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
+ </li>
+ <li>Fix Denial of Service in process_bitmap_data - CVE-2018-8796
+ </li>
+ <li>Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
+ </li>
+ <li>Fix Denial of Service in process_secondary_order - CVE-2018-8799
+ </li>
+ <li>Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
+ </li>
+ <li>Fix major information leak in ui_clip_handle_data - CVE-2018-20174
+ </li>
+ <li>Fix memory corruption in rdp_in_unistr - CVE-2018-20177
+ </li>
+ <li>Fix Denial of Service in process_demand_active - CVE-2018-20178
+ </li>
+ <li>Fix remote code execution in lspci_process - CVE-2018-20179
+ </li>
+ <li>Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
+ </li>
+ <li>Fix remote code execution in seamless_process - CVE-2018-20181
+ </li>
+ <li>Fix remote code execution in seamless_process_line - CVE-2018-20182
+ </li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4</url>
+ <cvename>CVE-2018-20175</cvename>
+ <cvename>CVE-2018-20176</cvename>
+ <cvename>CVE-2018-8791</cvename>
+ <cvename>CVE-2018-8792</cvename>
+ <cvename>CVE-2018-8793</cvename>
+ <cvename>CVE-2018-8794</cvename>
+ <cvename>CVE-2018-8795</cvename>
+ <cvename>CVE-2018-8796</cvename>
+ <cvename>CVE-2018-8797</cvename>
+ <cvename>CVE-2018-8798</cvename>
+ <cvename>CVE-2018-8799</cvename>
+ <cvename>CVE-2018-8800</cvename>
+ <cvename>CVE-2018-20174</cvename>
+ <cvename>CVE-2018-20177</cvename>
+ <cvename>CVE-2018-20178</cvename>
+ <cvename>CVE-2018-20179</cvename>
+ <cvename>CVE-2018-20180</cvename>
+ <cvename>CVE-2018-20181</cvename>
+ <cvename>CVE-2018-20182</cvename>
+ </references>
+ <dates>
+ <discovery>2019-01-02</discovery>
+ <entry>2019-02-22</entry>
+ </dates>
+ </vuln>
+
<vuln vid="002b4b05-35dd-11e9-94a8-000ffec0b3e1">
<topic>drupal -- Drupal core - Highly critical - Remote Code Execution</topic>
<affects>
More information about the svn-ports-all
mailing list