-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 25 May 2025 15:16:34 +0530
Source: xrdp
Architecture: source
Version: 0.9.21.1-1+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Abhijith PA <abhijith@debian.org>
Closes: 1051061 1053284 1076769
Changes:
 xrdp (0.9.21.1-1+deb12u1) bookworm; urgency=high
 .
   * Non-maintainer upload
   * Fix CVE-2023-40184: Improper handling of session establishment
     errors allows bypassing OS-level session restrictions. The
     `auth_start_session` function can return non-zero. PAM error
     which may result in session restrictions such as max concurrent
     sessions per user by PAM (ex ./etc/security/limits.conf) to be
     bypassed (Closes: #1051061)
   * Fix CVE-2023-42822: Access to the font glyphs in xrdp_painter.c
     is not bounds-checked. (Closes: #1053284)
   * Fix CVE-2024-39917:  vulnerability that allows attackers to make
     an infinite number of login attempts. (Closes: #1076769)
Checksums-Sha1:
 8b502051fe8e35b1dd5ca172a8a7bdeac37ce601 2296 xrdp_0.9.21.1-1+deb12u1.dsc
 f19cfbbc1ade5e4cb9bf2cd343c9f15f5cab99d8 27172 xrdp_0.9.21.1-1+deb12u1.debian.tar.xz
 701c67aa14016c75d636ab55af212d83c412d8c3 8029 xrdp_0.9.21.1-1+deb12u1_amd64.buildinfo
Checksums-Sha256:
 c8f267a4f28acd11bb1193399fe59c29c2814f5bfc469357874bb3089741e5a8 2296 xrdp_0.9.21.1-1+deb12u1.dsc
 3442ea538b738159a803007b1ff3bb510894519c7cf7aa55de7d3667d8bc86b8 27172 xrdp_0.9.21.1-1+deb12u1.debian.tar.xz
 2c96b7dc1fcd9be7a5733d44afd715eb512e024eda273efd3076d4443db17ea2 8029 xrdp_0.9.21.1-1+deb12u1_amd64.buildinfo
Files:
 9fe37d17efe60bedb3ab660301208cff 2296 net optional xrdp_0.9.21.1-1+deb12u1.dsc
 6f330622abc6516ec9ab6171480eaaca 27172 net optional xrdp_0.9.21.1-1+deb12u1.debian.tar.xz
 4353d36309fbb27200cbb40ca46fba6f 8029 net optional xrdp_0.9.21.1-1+deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmg0EyUUHGFiaGlqaXRo
QGRlYmlhbi5vcmcACgkQhj1N8u2cKO/kkQ/9F7n0sTrLEdDlLTym4+uuxhJfPca2
2KdBbMSO+x3ly0qVjs48qV6WfKTwbJ+hQVPnCPkkgcSM9IRG1EgbMjA3+tYnuKSd
Lyje/9Urbez9wjzjYNC+BQVPwqaAFBrPw0hsfc1FMnoBaepN/9LN9RYTikGdPPIp
F/BL6bKDcRiB23FVS8oVTq/ZyMK8A+f981/ws7bQeOaEx6DbbtQ20m1ATuk5mI7L
2bKySVVYerrucgEmh0jTdLCDEuqRE0jdnDi9mklGZ2NnWiGCb17Z6FgPNKWSGkcS
Eof6tlP8w8QmweRPuVPS8A/lr4lDxOFzoCjvDhLvyw9lB/WDTRIutiHg07Rw70BB
driTliaj+zi97YwCs9A5rBNzLf66PJRFoVw28xjesdmbmk0VhrVFssnTZk966/Wv
q5YI96PdwxNN6+uzm7JapXoFyrTCaPmBk6kaM2ykd3vR1aJhJwbzD0eU7+uJ8NVL
YzD+3/vlgwvuQCL4ic12HC3II/6YGfqVmWrx+BB1l8xmgcuPoE7jB7OS2qoM/shF
0W6n3TXQJXHj7aRjYt1JWzX6gItlhoSGzkIYxbb+STXlPjtYRx5mhZEvokTpwNqa
ca5MLe+LcpStuXwu4L7NMekPF2VG3qzFxfaQOh68PkqQ1TTxY1EGy+qnQ9YzDGeS
jx+0y/jY03N+Dno=
=G+BQ
-----END PGP SIGNATURE-----