Hi, On Mon, 2025-05-26 at 07:47 +0000, Debian Queue Viewer wrote: > +xrdp (0.9.21.1-1+deb12u1) bookworm; urgency=high > + > + * Non-maintainer upload > + * Fix CVE-2023-40184: Improper handling of session establishment > + errors allows bypassing OS-level session restrictions. The > + `auth_start_session` function can return non-zero. PAM error > + which may result in session restrictions such as max concurrent > + sessions per user by PAM (ex ./etc/security/limits.conf) to be > + bypassed (Closes: #1051061) > + * Fix CVE-2023-42822: Access to the font glyphs in xrdp_painter.c > + is not bounds-checked. (Closes: #1053284) > + * Fix CVE-2024-39917: vulnerability that allows attackers to make > + an infinite number of login attempts. (Closes: #1076769)
Please ensure that you file p-u bugs against release.debian.org for any uploads to stable, as discussed in the Developers Reference. Your upload is failing to build on mipsel: not ok 51 - test_ssl_calls.c:ssl_calls:test_gen_key_xrdp1: Test timeout expired FAIL: test_common 51 - test_ssl_calls.c:ssl_calls:test_gen_key_xrdp1: Test timeout expired base64 [...] 98%: Checks: 74, Failures: 0, Errors: 1 test_ssl_calls.c:340:E:ssl_calls:test_gen_key_xrdp1:0: (after this point) Test timeout expired 1..74 ERROR: test_common - exited with status 1 Regards, Adam
