[Git][security-tracker-team/security-tracker][master] Reserve DLA-4166-1 for xrdp
Abhijith PA (@abhijith)
abhijith at debian.org
Fri May 16 16:00:11 BST 2025
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits:
edc465c1 by Abhijith PA at 2025-05-16T20:29:54+05:30
Reserve DLA-4166-1 for xrdp
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -90270,7 +90270,6 @@ CVE-2024-40110 (Sourcecodester Poultry Farm Management System v1.0 contains an U
CVE-2024-39917 (xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have ...)
- xrdp 0.10.1-1 (bug #1076769)
[bookworm] - xrdp <no-dsa> (Minor issue)
- [bullseye] - xrdp <no-dsa> (Minor issue)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j
NOTE: https://github.com/neutrinolabs/xrdp/commit/8ac2f6db34649a93d3c9c4fe8fda61203702e615 (devel)
NOTE: https://github.com/neutrinolabs/xrdp/commit/61b509f1d5d9b85128504c7b752e6e36d7b60b15 (v0.10.1)
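Review bot: once the `[bullseye] - xrdp <no-dsa> (Minor issue)` line is dropped from CVE-2024-39917, nothing in this entry records which upstream change the bullseye upload carries. The two NOTE lines point at a devel commit and a v0.10.1 commit; a short NOTE saying which of them was backported for bullseye would let later triage verify the fix without opening the package.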
@@ -163849,7 +163848,6 @@ CVE-2023-42822 (xrdp is an open source remote desktop protocol server. Access to
[experimental] - xrdp 0.9.24-1
- xrdp 0.9.24-2 (bug #1053284)
[bookworm] - xrdp <no-dsa> (Minor issue)
- [bullseye] - xrdp <no-dsa> (Minor issue)
[buster] - xrdp <no-dsa> (Minor issue)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw
NOTE: https://github.com/neutrinolabs/xrdp/commit/73acbe1f7957c65122b00de4d6f57a8d0d257c40
@@ -167917,7 +167915,6 @@ CVE-2023-40184 (xrdp is an open source remote desktop protocol (RDP) server. In
[experimental] - xrdp 0.9.24-1
- xrdp 0.9.24-2 (bug #1051061)
[bookworm] - xrdp <no-dsa> (Minor issue)
- [bullseye] - xrdp <no-dsa> (Minor issue)
[buster] - xrdp <no-dsa> (Minor issue)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq
NOTE: https://github.com/neutrinolabs/xrdp/commit/25a1fab5b6c5ef2a8bb109232b765cb8b332ce5e
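Review bot: in this entry, as in CVE-2023-42822 above, the `[buster] - xrdp <no-dsa> (Minor issue)` context line stays while the bullseye line is removed, and the new DLA entry lists only a bullseye version. If buster is still being tracked, please confirm that leaving it at no-dsa is intended rather than an omission.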
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 May 2025] DLA-4166-1 xrdp - security update
+ {CVE-2023-40184 CVE-2023-42822 CVE-2024-39917}
+ [bullseye] - xrdp 0.9.21.1-1~deb11u2
[14 May 2025] DLA-4165-1 open-vm-tools - security update
{CVE-2025-22247}
[bullseye] - open-vm-tools 2:11.2.5-2+deb11u4
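Review bot: the brace list on the second added line is what ties this DLA to the tracker entries, so it has to match exactly the CVEs whose bullseye `<no-dsa>` lines are removed in data/CVE/list. The three IDs here (CVE-2023-40184, CVE-2023-42822, CVE-2024-39917) do line up with the three hunks in that file. The commit subject says "Reserve" while the entry already carries the version 0.9.21.1-1~deb11u2, so it is worth checking that this version string matches what is actually uploaded.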
=====================================
data/dla-needed.txt
=====================================
@@ -429,10 +429,6 @@ xmlrpc-c
NOTE: 20250411: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102554
NOTE: 20250413: General options investigated, posted to the bug and debian-lts (bunk)
--
-xrdp
- NOTE: 20250207: Added by Front-Desk (apo)
- NOTE: 20250227: https://people.debian.org/~abhijith/upload/xrdp_patches/ (abhijith)
---
yelp
NOTE: 20250505: Added by Front-Desk (Beuc)
NOTE: 20250505: High severity
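Review bot: removing the xrdp block also removes the NOTE pointing at https://people.debian.org/~abhijith/upload/xrdp_patches/, which is the only reference in this diff to the patches behind the upload. Consider carrying that pointer in the commit message or next to the CVE entries. The separator handling is correct: the block's trailing `--` is removed with it, so xmlrpc-c and yelp remain divided by a single `--`.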
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edc465c12db4f73ffe4132253b262df7f26a00e3