CVE-2022-23613:
xrdp is an open source remote desktop protocol (RDP) server. In affected versions, an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker who is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.
1 new commit since last upload, is it time to release?
normal
vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.
Here are the relevant commit logs:
commit 552040d8a9dcda59a0418c2b8478602f3869f335
Author: mirabilos <tg@debian.org>
Date: Thu May 19 23:24:05 2022 +0200
Fix underquoting of $HOME, which may contain spaces
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).
testing migrations
This package is part of the ongoing testing transition known as auto-openssl. Please avoid uploads unrelated to this transition; they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it from migrating to testing, please fix them as soon as possible.
You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.