Format: 1.8
Date: Mon, 27 Nov 2017 16:57:57 -0200
Source: xrdp
Binary: xrdp
Architecture: source amd64
Version: 0.5.0-2+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Vincent Bernat <bernat@debian.org>
Changed-By: Lucas Kanashiro <kanashiro@debian.org>
Description:
 xrdp - Remote Desktop Protocol (RDP) server
Changes:
 xrdp (0.5.0-2+deb7u2) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Debian LTS team.
   * Fix CVE-2017-16927: The scp_v0s_accept function in
     sesman/libscp/libscp_v0.c in the session manager in xrdp uses an
     untrusted integer as a write length, which allows local users to cause
     a denial of service (buffer overflow and application crash) or possibly
     have unspecified other impact via a crafted input stream.