2 files changed, 28 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch
new file mode 100644
index 0000000000..aa6952fb7d
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch
@@ -0,0 +1,27 @@
+From e3391e8d160f4b1b43d53b4a7d462a3601c45408 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Sat, 10 Jan 2026 08:36:38 +0100
+Subject: [PATCH] free up old audio formats
+CVE: CVE-2026-22852
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/cd1ffa112cfbe1b40a9fd57e299a8ea12e23df0d]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ channels/audin/client/audin_main.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/channels/audin/client/audin_main.c b/channels/audin/client/audin_main.c
+index 23561b153..5ffe09127 100644
+--- a/channels/audin/client/audin_main.c
+++ b/channels/audin/client/audin_main.c
+@@ -219,6 +219,10 @@ static UINT audin_process_formats(AUDIN_PLUGIN* audin, AUDIN_CHANNEL_CALLBACK* c
+        }
+ 
+        Stream_Seek_UINT32(s); /* cbSizeFormatsPacket */
+
+       audio_formats_free(callback->formats, callback->formats_count);
+       callback->formats_count = 0;
+
+        callback->formats = audio_formats_new(NumFormats);
+ 
+        if (!callback->formats)
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
index 3ee4f99c1a..70198a1e21 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
@@ -26,6 +26,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
           file://CVE-2024-32661.patch \
           file://CVE-2026-22854.patch \
           file://CVE-2026-22855.patch \
+           file://CVE-2026-22852.patch \
           "

diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch new file mode 100644 index 0000000000..aa6952fb7d --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch
@@ -0,0 +1,27 @@
		1	From e3391e8d160f4b1b43d53b4a7d462a3601c45408 Mon Sep 17 00:00:00 2001
		2	From: akallabeth <akallabeth@posteo.net>
		3	Date: Sat, 10 Jan 2026 08:36:38 +0100
		4	Subject: [PATCH] free up old audio formats
		5
		6	CVE: CVE-2026-22852
		7	Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/cd1ffa112cfbe1b40a9fd57e299a8ea12e23df0d]
		8	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		9	---
		10	channels/audin/client/audin_main.c \| 4 ++++
		11	1 file changed, 4 insertions(+)
		12
		13	diff --git a/channels/audin/client/audin_main.c b/channels/audin/client/audin_main.c
		14	index 23561b153..5ffe09127 100644
		15	--- a/channels/audin/client/audin_main.c
		16	+++ b/channels/audin/client/audin_main.c
		17	@@ -219,6 +219,10 @@ static UINT audin_process_formats(AUDIN_PLUGIN* audin, AUDIN_CHANNEL_CALLBACK* c
		18	}
		19
		20	Stream_Seek_UINT32(s); /* cbSizeFormatsPacket */
		21	+
		22	+ audio_formats_free(callback->formats, callback->formats_count);
		23	+ callback->formats_count = 0;
		24	+
		25	callback->formats = audio_formats_new(NumFormats);
		26
		27	if (!callback->formats)


diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb index 3ee4f99c1a..70198a1e21 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
@@ -26,6 +26,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
26	file://CVE-2024-32661.patch \	26	file://CVE-2024-32661.patch \
27	file://CVE-2026-22854.patch \	27	file://CVE-2026-22854.patch \
28	file://CVE-2026-22855.patch \	28	file://CVE-2026-22855.patch \
		29	file://CVE-2026-22852.patch \
29	"	30	"
30		31
31		32