CVE-2008-5902 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5902): Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via a crafted request.
CVE-2008-5903 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5903): Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member. CVE-2008-5904 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5904): The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.
chutzpah, do you plan to update this?
Created attachment 200457 [details, diff] 0001-fix-overflow-when-typing-in-edit-on-login-screen.patch
Created attachment 200458 [details, diff] 0002-fix-some-buffer-overruns.patch upstream patches. please bump
Security, this package has been removed from portage as of this moment, feel free to handle as you best see fit.
Closing noglsa, thanks everyone.