-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 May 2025 15:16:34 +0530 Source: xrdp Binary: xrdp xrdp-dbgsym Architecture: ppc64el Version: 0.9.21.1-1+deb12u1 Distribution: bookworm Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02) Changed-By: Abhijith PA Description: xrdp - Remote Desktop Protocol (RDP) server Closes: 1051061 1053284 1076769 Changes: xrdp (0.9.21.1-1+deb12u1) bookworm; urgency=high . * Non-maintainer upload * Fix CVE-2023-40184: Improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero. PAM error which may result in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed (Closes: #1051061) * Fix CVE-2023-42822: Access to the font glyphs in xrdp_painter.c is not bounds-checked. (Closes: #1053284) * Fix CVE-2024-39917: vulnerability that allows attackers to make an infinite number of login attempts. (Closes: #1076769) Checksums-Sha1: a276b5edb9faee8a74fb8077eb4d5e0fb1d733a1 864668 xrdp-dbgsym_0.9.21.1-1+deb12u1_ppc64el.deb 83a2a8fda16e7e059b36b93c1399eb63247f5043 7977 xrdp_0.9.21.1-1+deb12u1_ppc64el-buildd.buildinfo ac28fb4437c85ab46acbea629bba7d31c03d7d1a 523252 xrdp_0.9.21.1-1+deb12u1_ppc64el.deb Checksums-Sha256: eb9d5b6c87effed026fefc9afa1fb6e2dabee2dcf29550c80fad351c874c6aaf 864668 xrdp-dbgsym_0.9.21.1-1+deb12u1_ppc64el.deb afc0833d2bb3ef0fd18877daf57dd2ae0b46a825fc7212ed9fc1d117a23a02bd 7977 xrdp_0.9.21.1-1+deb12u1_ppc64el-buildd.buildinfo ed2a4b5124718fd110dd3580db4bc83ec439f8a5bf2d88947783b5a7a3c04b1b 523252 xrdp_0.9.21.1-1+deb12u1_ppc64el.deb Files: 1fb15bff5dffc38397b4bc0007183eab 864668 debug optional xrdp-dbgsym_0.9.21.1-1+deb12u1_ppc64el.deb be74d7a83837d0d0f40e3a66894b8224 7977 net optional xrdp_0.9.21.1-1+deb12u1_ppc64el-buildd.buildinfo eb707771a0e1875598173c14e42e3e80 523252 net optional xrdp_0.9.21.1-1+deb12u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYo4fOZBRi9qmvTxH1PowSTJ8+YQFAmg7eMMACgkQ1PowSTJ8 +YQ+7A/9GZCyevYus8rHuxUcTc+X2kctu4PivIVQpi4epQPvQDv2QjesJoXAsSza CaPe/VymjVpkFuvvTkGPOz63lBVeUkFLsT1W46jsWhNLC46zGMm1exScXu/s0zAn Ege0Mgcs/yvMw4QFe4fJ/hZa+y3R5EPL1Y1PJ1flSxWEXXGw6r2K75Nr/7FcOLEj CyAyDIJgr3c2MDYlT8j+CopHucTRMn2bcZrWLTRyeN3lBYlaVJE/c81AajS3fbiX aOgFRZsDOHosWHRG0Owg+DKlh9mA+f5tvKVJvwLYcEHn5UJKd/tVPC+qMIEGnhbX E0HZocO7BFMdsUODg8APrB373lSnYFrRsFL/WnJWuj5cljI/7C0yTnIyzp5NpCAQ +aqXJtrxgUWkqWyMGl4R+c0W0qpg/HeXDMdP8J9nyk+9HFUV6dq9TaRQ3W6R9muR Mx0njfnMo8fnxoghFMI7jYZky0kyeBlrtSjHVkdFTkQIXzAxdpcJg/0UiyPtVJwK 9jDIoS7qsKGktVpY3cT/cbI/Vv80ShtwyhY/6ez07+tRSf4sZk0Dv/UNNpAMxZ4G cXDEXHjo5Ql0ZYlJ08yJn0AyUtqiloIBYR/4MEY9cBcXv+5jJe7DT2t/Qlnd/HPW DKO/gmNYA7wVQzHj+DvALB7E//WWxjfcrAybvM83HYWJII7fgCY= =cnsz -----END PGP SIGNATURE-----