[Git][security-tracker-team/security-tracker][master] Add patch references for xrdp CVEs

Abhijith PA (@abhijith) abhijith at debian.org
Fri May 29 15:16:07 BST 2026



Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f7db918 by Abhijith PA at 2026-05-29T19:45:36+05:30
Add patch references for xrdp CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26857,6 +26857,7 @@ CVE-2026-35546 (AnvizCX2 Lite and CX7are vulnerable to unauthenticated firmware
 CVE-2026-35512 (xrdp is an open source RDP server. Versions through 0.10.5 have a heap ...)
 	- xrdp 0.10.6-1 (bug #1134339)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-jg6p-7fg8-9hh6
+	NOTE: https://github.com/neutrinolabs/xrdp/commit/8c407ce3ed690100fd9fd259c506f526ab74ee5f (v0.10.6)
 CVE-2026-35465 (SecureDrop Client is a desktop app for journalists to securely communi ...)
 	NOT-FOR-US: SecureDrop Client
 CVE-2026-35402 (mcp-neo4j-cypher is an MCP server for executing Cypher queries against ...)
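Review bot: the NOTE added under CVE-2026-35512 is a bare commit URL, and the commit message does not say how the commit was matched to this CVE. Worth confirming that the 8c407ce3 commit is the one referenced from GHSA-jg6p-7fg8-9hh6 on the line above it, and stating in the commit message where the CVE-to-commit mapping came from.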
@@ -26866,16 +26867,19 @@ CVE-2026-35061 (Anviz CX7 Firmwareis vulnerable to the most recently captured te
 CVE-2026-33689 (xrdp is an open source RDP server. Versions through 0.10.5 have an out ...)
 	- xrdp 0.10.6-1 (bug #1134339)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-92mr-6wpp-27jj
+	NOTE: https://github.com/neutrinolabs/xrdp/commit/d1323f9bb0caebdb9ca46627579954c25599ed25 (v0.10.6)
 CVE-2026-33569 (AnvizCX2 Lite and CX7 administrative sessions occur over HTTP, enablin ...)
 	NOT-FOR-US: Anviz
 CVE-2026-33516 (xrdp is an open source RDP server. Versions through 0.10.5 contain an  ...)
 	- xrdp 0.10.6-1 (bug #1134339)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rvh9-9wm3-28c7
+	NOTE: https://github.com/neutrinolabs/xrdp/commit/d2a8802c3124c103cd0c40aba661602420d01a73 (v0.10.6)
 CVE-2026-33436 (Stirling-PDF is a locally hosted web application that facilitates vari ...)
 	NOT-FOR-US: Stirling-PDF
 CVE-2026-33145 (xrdp is an open source RDP server. Versions through 0.10.5 allow an au ...)
 	- xrdp 0.10.6-1 (bug #1134339)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rmvv-7633-fg7h
+	NOTE: https://github.com/neutrinolabs/xrdp/commit/4174e61f38e5ebf79dade7b30634e998311e573f (v0.10.6)
 CVE-2026-33093 (Anviz CX7 Firmwareis vulnerable to an unauthenticated POST to the devi ...)
 	NOT-FOR-US: Anviz
 CVE-2026-32650 (Anviz CrossChex Standardis vulnerable when an attacker manipulates the ...)
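Review bot: the three NOTEs added here (CVE-2026-33689, CVE-2026-33516, CVE-2026-33145) are tagged (v0.10.6) only, which matches the 0.10.6-1 fixed version but gives nothing to anyone backporting to an older xrdp. If upstream published these fixes on another maintained branch as well, add those commits as separate NOTE lines with their own tag; if not, a short NOTE saying only the v0.10.6 commit exists would save the next person the search.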
@@ -26885,17 +26889,25 @@ CVE-2026-32648 (AnvizCX2 Lite and CX7are vulnerable to unauthenticated access th
 CVE-2026-32624 (xrdp is an open source RDP server. Versions through 0.10.5 contain a h ...)
 	- xrdp 0.10.6-1 (bug #1134339)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7q2g-6fjr-h6pp
+	NOTE: https://github.com/neutrinolabs/xrdp/commit/4594d4ed9198f5fa6c1f2eb03fac96110a4e0ebb (v0.10.6)
 CVE-2026-32623 (xrdp is an open source RDP server. Versions through 0.10.5 contain a h ...)
 	- xrdp 0.10.6-1 (bug #1134339)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-phw3-qp59-x2v4
+	NOTE: https://github.com/neutrinolabs/xrdp/commit/b6b610f5f7bba56fcd355bb2131adffd2ba19e5a (v0.10.6)
 CVE-2026-32324 (Anviz CX7 Firmwareis vulnerable because the application embeds reusabl ...)
 	NOT-FOR-US: Anviz
 CVE-2026-32107 (xrdp is an open source RDP server. In versions through 0.10.5, the ses ...)
 	- xrdp 0.10.6-1 (bug #1134339)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9
+	NOTE: https://github.com/neutrinolabs/xrdp/commit/68b5ae9e2e3b3e040fe2174aa5fc652f0c5c67d1 (v0.10.6)
 CVE-2026-32105 (xrdp is an open source RDP server. In versions through 0.10.5, xrdp do ...)
 	- xrdp 0.10.6-1 (bug #1134339)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j2jm-c596-c5q3
+	NOTE: https://github.com/neutrinolabs/xrdp/commit/391aaf92f9f944a612b8187552c9a49dcf3a60a5 (v0.10.6)
+	NOTE: https://github.com/neutrinolabs/xrdp/commit/fdbdb3a34917a97f372f80ce27a5a8b8720b7f59 (v0.10.6)
+	NOTE: https://github.com/neutrinolabs/xrdp/commit/1cdfc764ac57133e4a0561697161b17383f5a06e (v0.10.6)
+	NOTE: https://github.com/neutrinolabs/xrdp/commit/a0b6151770f9343d0c7b8e31e3896466e8061676 (v0.10.6)
+	NOTE: https://github.com/neutrinolabs/xrdp/commit/5e8f889f3994fe04f3a9984c53b26c00ff81f7ea (v0.10.6)
 CVE-2026-31927 (Anviz CX7 Firmwareis vulnerable to an authenticated CSV upload which a ...)
 	NOT-FOR-US: Anviz
 CVE-2026-2434 (The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Sit ...)
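Review bot: CVE-2026-32105 gets five commit NOTEs with identical (v0.10.6) tags and no indication of which one carries the fix, which are prerequisites or follow-ups, or what order they apply in. Suggest annotating each line (for example "prerequisite", "fix", "follow-up") or stating that they are listed in apply order, so that a backport does not stop at the first reference.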



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f7db9184682d890dfee5edf8f366aeecf0cc06d
