From 75215ad90bf79d6b3960f1a2de4473cc08489262 Mon Sep 17 00:00:00 2001 From: Pierre Ossman Date: Wed, 18 Sep 2019 10:44:18 +0200 Subject: [PATCH] Update ChangeLog from 1.8.x branch --- doc/ChangeLog | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/doc/ChangeLog b/doc/ChangeLog index c85575b..3af89af 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,43 @@ +rdesktop (1.8.6) + * Fix protocol code handling new licenses + + -- Pierre Ossman 2019-05-16 + +rdesktop (1.8.5) + * Add bounds checking to protocol handling in order to fix many + security problems when communicating with a malicious server. + + -- Pierre Ossman 2019-05-08 + +rdesktop (1.8.4) + * Add rdp_protocol_error function that is used in several fixes + * Refactor of process_bitmap_updates + * Fix possible integer overflow in s_check_rem() on 32bit arch + * Fix memory corruption in process_bitmap_data - CVE-2018-8794 + * Fix remote code execution in process_bitmap_data - CVE-2018-8795 + * Fix remote code execution in process_plane - CVE-2018-8797 + * Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175 + * Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175 + * Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176 + * Fix Denial of Service in sec_recv - CVE-2018-20176 + * Fix minor information leak in rdpdr_process - CVE-2018-8791 + * Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792 + * Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793 + * Fix Denial of Service in process_bitmap_data - CVE-2018-8796 + * Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798 + * Fix Denial of Service in process_secondary_order - CVE-2018-8799 + * Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800 + * Fix major information leak in ui_clip_handle_data - CVE-2018-20174 + * Fix memory corruption in rdp_in_unistr - CVE-2018-20177 + * Fix Denial of Service in process_demand_active - CVE-2018-20178 + * Fix remote code execution in lspci_process - CVE-2018-20179 + * Fix remote code execution in rdpsnddbg_process - CVE-2018-20180 + * Fix remote code execution in seamless_process - CVE-2018-20181 + * Fix remote code execution in seamless_process_line - CVE-2018-20182 + * Fix building against OpenSSL 1.1 + + -- Henrik Andersson 2019-01-02 + rdesktop (1.8.3) * Added a persistent mode used with SeamlessRDP * Added US international keyboard layout with dead keys