
Bug#1052646: marked as done (xrdp: New release with security fixes)



Your message dated Sun, 17 Mar 2024 20:15:59 +0100
with message-id <ea80d401426e527f44e81eb0ae7a20fa@phys.ethz.ch>
and subject line xrdp: New release with security fixes
has caused the Debian Bug report #1052646,
regarding xrdp: New release with security fixes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1052646: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052646
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xrdp
Version: 0.9.21.1-1
Severity: important
X-Debbugs-Cc: stephen@jadevine.org.uk

Dear Maintainer,

A new version of xrdp - 0.9.23 - was released on 2023/08/31 which
contains an important security fix for CVE-2023-40184: "Improper
handling of session establishment errors allows bypassing OS-level
session restrictions". I just wanted to check, will this be available
in unstable soon and backported to stable?

Thanks for your work on maintaining the xrdp package, it's much
appreciated!

Regards,

Stephen Quinney

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-12-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Hi Stephen

Thanks for the report, this has been fixed with:

xrdp (0.9.24-1) experimental; urgency=medium

  * New upstream version. (Closes: #1053284, #1051061)
    (CVE-2023-42822 and CVE-2023-40184)

--- End Message ---
