From 1126be70ffb5c2b3255ceb9219362a8a45dd68d7 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Thu, 18 Apr 2024 19:09:34 +0200 Subject: [PATCH] package/freerdp: security bump to version 2.11.6 Fix the following CVEs: - CVE-2024-32041 [Low[ OutOfBound Read in zgfx_decompress_segment - CVE-2024-32039 [Moderate] Integer overflow & OutOfBound Write in clear_decompress_residual_data - CVE-2024-32040 [Low] integer underflow in nsc_rle_decode - CVE-2024-32458 [Low] OutOfBound Read in planar_skip_plane_rle - CVE-2024-32459 [Low] OutOfBound Read in ncrush_decompress - CVE-2024-32460 [Low] OutOfBound Read in interleaved_decompress https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6 Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard --- package/freerdp/freerdp.hash | 4 ++-- package/freerdp/freerdp.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/freerdp/freerdp.hash b/package/freerdp/freerdp.hash index daf933e0af..9ac9b25066 100644 --- a/package/freerdp/freerdp.hash +++ b/package/freerdp/freerdp.hash @@ -1,5 +1,5 @@ -# From https://pub.freerdp.com/releases/freerdp-2.11.5.tar.gz.sha256 -sha256 70785ad9934d75aed1734f8918a05aff95788e58e53081e84651106b24303dc2 freerdp-2.11.5.tar.gz +# From https://pub.freerdp.com/releases/freerdp-2.11.6.tar.gz.sha256 +sha256 ad5a0c7761b18af914041ed50902d6c9fd553e65eeba8a1bea41c4149980b84c freerdp-2.11.6.tar.gz # Locally calculated sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 LICENSE diff --git a/package/freerdp/freerdp.mk b/package/freerdp/freerdp.mk index 29b33f61c3..8e359cbb4f 100644 --- a/package/freerdp/freerdp.mk +++ b/package/freerdp/freerdp.mk @@ -4,7 +4,7 @@ # ################################################################################ -FREERDP_VERSION = 2.11.5 +FREERDP_VERSION = 2.11.6 FREERDP_SITE = https://pub.freerdp.com/releases FREERDP_DEPENDENCIES = libglib2 openssl zlib FREERDP_LICENSE = Apache-2.0