Control: reassign -1 src:freerdp3 3.15.0+dfsg-2 Control: retitle -1 freerdp3: CVE-2025-4478 Control: forwarded -1 https://github.com/FreeRDP/FreeRDP/pull/11573
Hi, On Sat, May 17, 2025 at 11:46:05AM +0200, Salvatore Bonaccorso wrote: > Source: gnome-remote-desktop > Version: 48.1-2 > Severity: important > Tags: security upstream > X-Debbugs-Cc: car...@debian.org, Debian Security Team > <t...@security.debian.org> > > Hi, > > The following vulnerability was published for gnome-remote-desktop. > > CVE-2025-4478[0]: > | A flaw was found in the gnome-remote-desktop used by Anaconda's > | remote install feature, where a crafted RDP packet could trigger a > | segmentation fault. This issue causes the service to crash and > | remain defunct, resulting in a denial of service. It occurs pre-boot > | and is likely due to a NULL pointer dereference. Rebooting is > | required to recover the system. > > I'm not entirely sure about this one, the reference is given to the RH > Bugzilla to [1] and it might relate to the issues reported in [2]. Do > you happend to know more about this assignment? > > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2025-4478 > https://www.cve.org/CVERecord?id=CVE-2025-4478 > [1] https://bugzilla.redhat.com/show_bug.cgi?id=2365232 > [2] https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/196 Turns out that is actually an issue in src:freerdp3, reassigning. See https://bugzilla.redhat.com/show_bug.cgi?id=2365232#c9 Regards, Salvatore
