pool/xrdp
SHA256
12
0
Fork 1
Code Issues Pull Requests Activity

Accepting request 1118552 from home:dimstar:Factory

Browse Source 
- Update to version 0.9.23.1:
  + Security fix: Unchecked access to font glyph info
    (CVE-2023-42822).
- Changes from version 0.9.23:
  + General announcement: Running xrdp and xrdp-sesman on separate
    hosts is still supported by this release, but is now
    deprecated. This is not secure. A future v1.0 release will
    replace the TCP socket used between these processes with a Unix
    Domain Socket, and then cross-host running will not be
    possible.
  + Security fix: Improper handling of session establishment errors
    allows bypassing OS-level session restrictions
    (CVE-2023-40184).
  + Bug fixes:
    - Environment variables set by PAM modules are no longer
      restricted to around 250 characters.
    - X11 clipboard clients now no longer hang when requesting a
      clipboard format which isn't available.

OBS-URL: https://build.opensuse.org/request/show/1118552
OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=121
This commit is contained in:
Yifan Jiang
2023-11-02 01:36:38 +00:00
committed by Git OBS Bridge
parent 8222d51000
commit 9c606546e9
6 changed files with 43 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
xrdp.changes
View File

@@ -1,3 +1,25 @@
-------------------------------------------------------------------
Wed Oct 18 09:23:35 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 0.9.23.1:
+ Security fix: Unchecked access to font glyph info
(CVE-2023-42822).
- Changes from version 0.9.23:
+ General announcement: Running xrdp and xrdp-sesman on separate
hosts is still supported by this release, but is now
deprecated. This is not secure. A future v1.0 release will
replace the TCP socket used between these processes with a Unix
Domain Socket, and then cross-host running will not be
possible.
+ Security fix: Improper handling of session establishment errors
allows bypassing OS-level session restrictions
(CVE-2023-40184).
+ Bug fixes:
- Environment variables set by PAM modules are no longer
restricted to around 250 characters.
- X11 clipboard clients now no longer hang when requesting a
clipboard format which isn't available.
-------------------------------------------------------------------
Thu Aug 3 04:01:39 UTC 2023 - Linnaea Lavia <linnaea@lavia.moe>