"new" freerdp issue

author: Moritz Muehlenhoff <jmm@debian.org> 2020-09-09 23:21:58 +0200
committer: Moritz Muehlenhoff <jmm@debian.org> 2020-09-09 23:21:58 +0200
commit: 3c1a0052f327fcbd9cdef5d55c450d122f83ba5c (patch)
tree: a07bb214399ce88c194c49f5bdd881ee9d0000dd /data/CVE/2019.list
parent: e9a664755d0342a8d79a935385e8fc8663c3d09d (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 27b9ab68d0..bd981a85b2 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -9397,7 +9397,14 @@ CVE-2019-17180 (Valve Steam Client before 2019-09-12 allows placing or appending
 CVE-2019-17179 (4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5 ...)
 	NOT-FOR-US: OpenEMR
 CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-0 ...)
-	TODO: check
+	- freerdp2 2.1.1+dfsg1-1
+	[buster] - freerdp2 <no-dsa> (Minor issue)
+	- freerdp <removed>
+	NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645
+	NOTE: https://github.com/akallabeth/FreeRDP/commit/fc80ab45621bd966f70594c0b7393ec005a94007
+	NOTE: Multiple source packages embed a copy of lodepng (openscad, tbb, mame, passage,
+	NOTE: quakespasm, simbody, paraview, dart, drumgizmo, doxygen, love, libtcod, f
+	NOTE: cubicsdr, nestopia, refind, zopfli, montage), but don't seem security-relevant
 CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0 ...)
 	- freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2 (low)
 	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1
author	Moritz Muehlenhoff <jmm@debian.org>	2020-09-09 23:21:58 +0200
committer	Moritz Muehlenhoff <jmm@debian.org>	2020-09-09 23:21:58 +0200
commit	3c1a0052f327fcbd9cdef5d55c450d122f83ba5c (patch)
tree	a07bb214399ce88c194c49f5bdd881ee9d0000dd /data/CVE/2019.list
parent	e9a664755d0342a8d79a935385e8fc8663c3d09d (diff)