xrdp is an open source remote desktop protocol (RDP) server. In affected versions, an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker who is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.
1 new commit since last upload, is it time to release?
vcswatch reports that
this package seems to have new commits in its VCS but has
not yet updated debian/changelog. You should consider updating
the Debian changelog and uploading this new version into the archive.
Here are the relevant commit logs:
Author: mirabilos <email@example.com>
Date: Thu May 19 23:24:05 2022 +0200
Fix underquoting of $HOME, which may contain spaces
Last update: 2022-05-26
Standards version of the package is outdated.
The package should be updated to follow the latest version of Debian Policy
(Standards-Version 4.6.1 instead of
Last update: 2022-05-11
This package is part of the ongoing testing transition known as auto-openssl.
Please avoid uploads unrelated to this transition, as they would
likely delay it and require supplementary work from the release
managers. On the other hand, if your package has problems
preventing it from migrating to testing, please fix them
as soon as possible.
You can probably find supplementary information in the
archives or in the corresponding