Update submodules from pool/freerdp2#1 and create patchinfo.20260304100704501685.93181000773252/_patchinfo

2026-03-04 11:13:16 +01:00
2 changed files with 61 additions and 1 deletions
--- a/2
+++ b/2
--- a/patchinfo.20260304100704501685.93181000773252/_patchinfo
+++ b/patchinfo.20260304100704501685.93181000773252/_patchinfo
@@ -0,0 +1,60 @@
+<patchinfo>
+  <issue tracker="bnc" id="1257988">VUL-0: CVE-2026-24681: freerdp,freerdp2: Heap-use-after-free in urb_bulk_transfer_cb</issue>
+  <issue tracker="bnc" id="1257991">VUL-0: CVE-2026-24684: freerdp,freerdp2: Heap-use-after-free in play_thread</issue>
+  <issue tracker="bnc" id="1257986">VUL-0: CVE-2026-24679: freerdp,freerdp2: Heap-buffer-overflow in urb_select_interface</issue>
+  <issue tracker="cve" id="2026-22859"/>
+  <issue tracker="bnc" id="1257990">VUL-0: CVE-2026-24683: freerdp,freerdp2: Heap-use-after-free in ainput_send_input_event</issue>
+  <issue tracker="cve" id="2026-24676"/>
+  <issue tracker="cve" id="2026-24684"/>
+  <issue tracker="bnc" id="1219049">VUL-0: CVE-2024-22211: freerdp: In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow.</issue>
+  <issue tracker="cve" id="2026-22854"/>
+  <issue tracker="cve" id="2024-22211"/>
+  <issue tracker="bnc" id="1256940">VUL-0: CVE-2026-23530: freerdp,freerdp2: improper validation can lead to heap buffer overflow in `planar_decompress_plane_rle`</issue>
+  <issue tracker="bnc" id="1231317">[Build 20241004] openQA test fails in zdup: freerdp2 failed to build</issue>
+  <issue tracker="bnc" id="1256944">VUL-0: CVE-2026-23534: freerdp,freerdp2: missing checks can lead to heap buffer overflow in `clear_decompress_bands_data`</issue>
+  <issue tracker="bnc" id="1256942">VUL-0: CVE-2026-23532: freerdp,freerdp2: mismatch between destination rectangle clamping and the actual copy size can lead to a heap buffer overflow in `gdi_SurfaceToSurface`</issue>
+  <issue tracker="bnc" id="1256720">VUL-0: CVE-2026-22854: freerdp,freerdp2: Heap-buffer-overflow in drive_process_irp_read</issue>
+  <issue tracker="cve" id="2026-23530"/>
+  <issue tracker="bnc" id="1256941">VUL-0: CVE-2026-23531: freerdp,freerdp2: improper validation in `clear_decompress` can lead to heap buffer overflow</issue>
+  <issue tracker="bnc" id="1257983">VUL-0: CVE-2026-24676: freerdp,freerdp2: Heap-use-after-free in audio_format_compatible</issue>
+  <issue tracker="cve" id="2026-24682"/>
+  <issue tracker="bnc" id="1257982">VUL-0: CVE-2026-24675: freerdp,freerdp2: Heap-use-after-free in urb_select_interface</issue>
+  <issue tracker="cve" id="2026-23534"/>
+  <issue tracker="bnc" id="1257989">VUL-0: CVE-2026-24682: freerdp,freerdp2: Heap-buffer-overflow in audio_formats_free</issue>
+  <issue tracker="cve" id="2026-23531"/>
+  <issue tracker="bnc" id="1256725">VUL-0: CVE-2026-22859: freerdp,freerdp2: Heap-buffer-overflow in urb_select_configuration</issue>
+  <issue tracker="cve" id="2026-22852"/>
+  <issue tracker="cve" id="2026-24491"/>
+  <issue tracker="bnc" id="1257981">VUL-0: CVE-2026-24491: freerdp,freerdp2: Heap-use-after-free in video_timer</issue>
+  <issue tracker="bnc" id="1256718">VUL-0: CVE-2026-22852: freerdp,freerdp2: Heap-buffer-overflow in audin_process_formats</issue>
+  <issue tracker="bnc" id="1256722">VUL-0: CVE-2026-22856: freerdp,freerdp2: Heap-use-after-free in create_irp_thread</issue>
+  <issue tracker="cve" id="2026-24683"/>
+  <issue tracker="cve" id="2026-23532"/>
+  <issue tracker="cve" id="2026-22856"/>
+  <issue tracker="cve" id="2026-24681"/>
+  <issue tracker="cve" id="2026-24675"/>
+  <issue tracker="cve" id="2026-24679"/>
+  <packager>yfjiang</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for freerdp2</summary>
+  <description>This update for freerdp2 fixes the following issues:
+
+Changes in freerdp2:
+
+- Multiple CVE fixes:
+    CVE-2026-24491, bsc#1257981, CVE-2026-24675, bsc#1257982,
+    CVE-2026-24676, bsc#1257983, CVE-2026-24679, bsc#1257986,
+    CVE-2026-24681, bsc#1257988, CVE-2026-24682, bsc#1257989,
+    CVE-2026-24683, bsc#1257990, CVE-2026-24684, bsc#1257991,
+    CVE-2026-22852, bsc#1256718, CVE-2026-22854, bsc#1256720,
+    CVE-2026-22856, bsc#1256722, CVE-2026-22859, bsc#1256725,
+    CVE-2026-23530, bsc#1256940, CVE-2026-23531, bsc#1256941,
+    CVE-2026-23532, bsc#1256942, CVE-2026-23534, bsc#1256944.
+
+- Fix build issue in h264_ffmpeg.c (ffmpeg 7).
+
+- Add upstream fixes (picked from Debian) (boo#1231317)
+</description>
+  <package>freerdp2</package>
+</patchinfo>