Your message dated Fri, 15 Dec 2017 01:49:23 +0000
with message-id <e1epf7r-0006ua...@fasolo.debian.org>
and subject line Bug#882463: fixed in xrdp 0.9.4-2
has caused the Debian Bug report #882463,
regarding xrdp: CVE-2017-16927: Buffer-overflow in scp_v0s_accept function in 
session manager
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882463: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xrdp
Version: 0.9.1-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/neutrinolabs/xrdp/pull/958

Hi,

the following vulnerability was published for xrdp.

CVE-2017-16927[0]:
| The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session
| manager in xrdp through 0.9.4 uses an untrusted integer as a write
| length, which allows local users to cause a denial of service (buffer
| overflow and application crash) or possibly have unspecified other
| impact via a crafted input stream.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-16927
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16927
[1] https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA
[2] https://github.com/neutrinolabs/xrdp/pull/958

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
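
A simplified illustration of the bug class named in the CVE text above (an untrusted integer used as a write length), added here as an example; it is not xrdp's code or the upstream patch. The `in_stream` type, `FIELD_MAX` and the function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIELD_MAX 256 /* assumed destination capacity, excluding the NUL */
/* Hypothetical cursor over bytes received from the peer. */
struct in_stream { const uint8_t *p; const uint8_t *end; };

/* Read a 16-bit big-endian length; -1 if fewer than 2 bytes remain. */
static int read_u16_be(struct in_stream *s, uint16_t *out)
{
    if (s->end - s->p < 2) return -1;
    *out = (uint16_t)((s->p[0] << 8) | s->p[1]);
    s->p += 2;
    return 0;
}

/* Flawed pattern: the peer-supplied length is used directly as the write length. */
int read_field_unchecked(struct in_stream *s, char dst[FIELD_MAX + 1])
{
    uint16_t len;
    if (read_u16_be(s, &len) != 0) return -1;
    memcpy(dst, s->p, len);   /* len may exceed both dst and the input */
    dst[len] = '\0';
    s->p += len;
    return (int)len;
}

/* Hardened: reject a length larger than the destination or the remaining input. */
int read_field_checked(struct in_stream *s, char dst[FIELD_MAX + 1])
{
    uint16_t len;
    if (read_u16_be(s, &len) != 0) return -1;
    if (len > FIELD_MAX) return -1;                       /* write bound */
    if ((size_t)(s->end - s->p) < len) return -1;         /* read bound */
    memcpy(dst, s->p, len);
    dst[len] = '\0';
    s->p += len;
    return (int)len;
}

int main(void)
{
    /* Constructed samples: a valid 5-byte field; a length of 1024 with 2 data bytes. */
    const uint8_t ok[] = {0x00, 0x05, 'a', 'l', 'i', 'c', 'e'};
    const uint8_t bad[] = {0x04, 0x00, 'A', 'A'};
    struct in_stream a = {ok, ok + sizeof ok}, b = {bad, bad + sizeof bad};
    char dst[FIELD_MAX + 1];
    return !(read_field_checked(&a, dst) == 5 && read_field_checked(&b, dst) == -1);
}
```
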
--- Begin Message ---
Source: xrdp
Source-Version: 0.9.4-2

We believe that the bug you reported is fixed in the latest version of
xrdp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominik George <n...@naturalnet.de> (supplier of updated xrdp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 15 Dec 2017 02:10:18 +0100
Source: xrdp
Binary: xrdp xorgxrdp
Architecture: source amd64
Version: 0.9.4-2
Distribution: unstable
Urgency: high
Maintainer: Debian Remote Maintainers <pkg-remote-t...@lists.alioth.debian.org>
Changed-By: Dominik George <n...@naturalnet.de>
Description:
 xorgxrdp   - Remote Desktop Protocol (RDP) modules for X.org
 xrdp       - Remote Desktop Protocol (RDP) server
Closes: 882463
Changes:
 xrdp (0.9.4-2) unstable; urgency=high
 .
   [ Dominik George ]
   * Fix typo in previous changelog.
   * Fix CVE-2017-16927. (Closes: #882463)
   * Bump Standards-Version.
     + No changes needed.
 .
   [ Thorsten Glaser ]
   * Place missing log_end_msg in init script.
   * Run libpainter/bootstrap as well.
   * Re-enable SIMD on any-i386.
   * Cherry-pick missing parts from experimental branch.
   * Fix another typo in previous changelog.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---