Your message dated Sun, 17 Mar 2024 20:15:59 +0100 with message-id <[email protected]> and subject line xrdp: New release with security fixes has caused the Debian Bug report #1052646, regarding xrdp: New release with security fixes to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
1052646: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052646
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: xrdp
Version: 0.9.21.1-1
Severity: important
X-Debbugs-Cc: [email protected]

Dear Maintainer,

A new version of xrdp - 0.9.23 - was released on 2023/08/31 which contains an important security fix for CVE-2023-40184: "Improper handling of session establishment errors allows bypassing OS-level session restrictions".

I just wanted to check, will this be available in unstable soon and backported to stable?

Thanks for your work on maintaining the xrdp package, it's much appreciated!

Regards,

Stephen Quinney

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-12-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Hi Stephen

Thanks for the report, this has been fixed with:

xrdp (0.9.24-1) experimental; urgency=medium

  * New upstream version. (Closes: #1053284, #1051061)
    (CVE-2023-42822 and CVE-2023-40184)
--- End Message ---

