-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 May 2025 15:16:34 +0530 Source: xrdp Binary: xrdp xrdp-dbgsym Architecture: mips64el Version: 0.9.21.1-1+deb12u1 Distribution: bookworm Urgency: high Maintainer: mipsel Build Daemon (mipsel-osuosl-04) Changed-By: Abhijith PA Description: xrdp - Remote Desktop Protocol (RDP) server Closes: 1051061 1053284 1076769 Changes: xrdp (0.9.21.1-1+deb12u1) bookworm; urgency=high . * Non-maintainer upload * Fix CVE-2023-40184: Improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero. PAM error which may result in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed (Closes: #1051061) * Fix CVE-2023-42822: Access to the font glyphs in xrdp_painter.c is not bounds-checked. (Closes: #1053284) * Fix CVE-2024-39917: vulnerability that allows attackers to make an infinite number of login attempts. (Closes: #1076769) Checksums-Sha1: 61eb0f7cb9cd70f4b1a52f8e612634e6864cb024 870556 xrdp-dbgsym_0.9.21.1-1+deb12u1_mips64el.deb cc73d242f596a517ba2bcfd96ed81ccc5cabfc8b 7769 xrdp_0.9.21.1-1+deb12u1_mips64el-buildd.buildinfo da3730683ec9839af650e67407fc5861b5fa9175 490824 xrdp_0.9.21.1-1+deb12u1_mips64el.deb Checksums-Sha256: 314ae275c793c1736ca799b66539fb524042b70eaefb4f10aa54147f4b8306bd 870556 xrdp-dbgsym_0.9.21.1-1+deb12u1_mips64el.deb ffa1794eb8cc938387dbff3b40f9173d71d39da746ac14f01aed51f94ce004d2 7769 xrdp_0.9.21.1-1+deb12u1_mips64el-buildd.buildinfo a84cf468a28fd661c5ed11af5ca66a3e5ef4ac47b53bf04b17b0fcfddae97741 490824 xrdp_0.9.21.1-1+deb12u1_mips64el.deb Files: 25e319387d26d7adbd4bfaa77b1d1ca3 870556 debug optional xrdp-dbgsym_0.9.21.1-1+deb12u1_mips64el.deb cc56f3b2b1fcfd9c91ef6443dbe80c02 7769 net optional xrdp_0.9.21.1-1+deb12u1_mips64el-buildd.buildinfo 95ae9856d49e7ac95140ad13498427ce 490824 net optional xrdp_0.9.21.1-1+deb12u1_mips64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERbXMbY9VMQqnSaVEV4aVsMglzVcFAmg7gM0ACgkQV4aVsMgl zVfQqRAAo7m3OVzFLhRKbWljIj5vUNuVUDJ4SfUumtBFweBLA1W2EerYRM3j9cmp khQU5tIF/DXqxjq2cLeSq0LDKjE2eGr9sKzkeT8c42PM194Mc4bhJOHcRyWbNYak KeMhdvoG/5xoCKmEa5nvAPxfYRDW8JLZDAQbfWgY2DQaKsIZBwQQ/dKu0LTy98q1 eFal4eCJSOhw18LundmkQIFisfRYCfljipKoiLMKpHpUsGMzCb+Bh1ZfWoso1ZdA 3wMr5FghXkmFXl9yT7bzfl7yfNQ0jx3jXry35amemU3mfPVZcuYMO+p5fduBDm7E wZ+NZQ4aLrmWmcd0tUNftRhjxCs4X0EceM7cnsev3aL9jqNpRs2fNFyw/VJHaZls 0D2yRhpvOFnj6sKfzmK8GA/4PnGMV7zu5M8n0GuXsR6xd6sovKwkztVeAUDZsI4b 95R+X1blafwBx8KGaDzz3ZN/pPFLSeBqE2/5r7+pdSVdeIVyZqe5vS20rpyd69bg E5vE0/pGWArya6tzEczq7aEzugi0mZOfKNwnUWGBxEJxR+QawVCamJ9j7LvEX9jR qx5oummC/3Z7cSkZBm5z7FJWLg3QMXeZhWrVvQIRf+kIGjGwBQ5Wxbk7eGtjH0SH 3klZ3SZpa4c1eadX/5y6o0rSFaHnGjXgC4YsffZ/Z+k6lEDijnU= =xdmG -----END PGP SIGNATURE-----