Format: 1.8
Date: Sun, 25 May 2025 15:16:34 +0530
Source: xrdp
Architecture: source
Version: 0.9.21.1-1+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian Remote Maintainers
Changed-By: Abhijith PA
Closes: 1051061 1053284 1076769
Changes:
 xrdp (0.9.21.1-1+deb12u1) bookworm; urgency=high
 .
   * Non-maintainer upload
   * Fix CVE-2023-40184: Improper handling of session establishment
     errors allows bypassing OS-level session restrictions.
     The `auth_start_session` function can return non-zero on PAM error,
     which may result in session restrictions such as max concurrent
     sessions per user by PAM (ex. /etc/security/limits.conf) to
     be bypassed (Closes: #1051061)
   * Fix CVE-2023-42822: Access to the font glyphs in xrdp_painter.c
     is not bounds-checked. (Closes: #1053284)
   * Fix CVE-2024-39917: vulnerability that allows attackers to make an
     infinite number of login attempts. (Closes: #1076769)