Updated changelog for 2.1.1
(cherry picked from commit 470b21d)
akallabeth committed May 20, 2020
1 parent fd92500 commit 8fb6336
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions ChangeLog
@@ -1,3 +1,21 @@
# 2020-05-20 Version 2.1.1

Important notes:
* CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
* CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value
* CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
* Enforce synchronous legacy RDP encryption count (#6156)
* Fixed some leaks and crashes missed in 2.1.0
* Removed dynamic channel listener limits
* Lots of resource cleanup fixes (clang sanitizers)
* A couple of performance improvements
* Various small annoyances eliminated (typos, prefilled username for windows client, ...)


For a complete and detailed change log since the last release candidate run:
git log 2.1.0..2.1.1


# 2020-05-05 Version 2.1.0

Important notes:
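Review bot: In the three "CVE:" entries under "Important notes" for 2.1.1, the identifiers that follow (GHSL-2020-100, GHSL-2020-101, GHSL-2020-102) are GitHub Security Lab advisory numbers rather than CVE IDs, so the prefix misleads anyone searching the changelog by CVE. Suggest labelling them "GHSL:" until CVE numbers exist, then listing both identifiers on each line so packagers can map each fix to their own tracker. Separately, the closing hint says "since the last release candidate" while the range given is `git log 2.1.0..2.1.1` and 2.1.0 appears just below as a released version; the wording should match the range.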

5 comments on commit 8fb6336

@weberhofer
Contributor

@akallabeth are those CVEs real ones with numbers or are those 'only' issues reported by GHSL you have provided workarounds for?
Thanks for your work, it's really great to see freerdp finally up to date!

@antonio-morales

Hi @weberhofer, we've requested CVE for these vulns. I'll update CVE's info asap.

Regards

@weberhofer
Contributor

Thanks for the response, @antonio-morales. Please keep me updated, as I need them for our openSUSE workflow.

@antonio-morales

@weberhofer These CVE IDs have been assigned:

Regards

@tcullum-rh

@weberhofer These CVE IDs have been assigned:

* GHSL-2020-100 => CVE-2020-13396

* CVE: GHSL-2020-101 => CVE-2020-13397

* CVE: GHSL-2020-102  => CVE-2020-13398

Regards

Hi @antonio-morales, do you know why the patch for GHSL-2020-101 checks for NULL ptr deref but yet the CVE page for it says it's an uninitialised pointer problem causing an OOB read?