--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: xrdp: New release with security fixes
- From: Stephen Quinney <stephen@jadevine.org.uk>
- Date: Mon, 25 Sep 2023 15:37:28 +0100
- Message-id: <169565264889.109299.14828732626645015199.reportbug@trilobite>
Source: xrdp
Version: 0.9.21.1-1
Severity: important
X-Debbugs-Cc: stephen@jadevine.org.uk
Dear Maintainer,
A new version of xrdp - 0.9.23 - was released on 2023/08/31 which
contains an important security fix for CVE-2023-40184: "Improper
handling of session establishment errors allows bypassing OS-level
session restrictions". I just wanted to check, will this be available
in unstable soon and backported to stable?
Thanks for your work on maintaining the xrdp package, it's much
appreciated!
Regards,
Stephen Quinney
-- System Information:
Debian Release: 12.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-12-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---