neutrinolabs
diff --git a/‎NEWS.md
+15-1 b/‎NEWS.md
+15-1
diff --git a/‎README.md
+1-1 b/‎README.md
+1-1
diff --git a/‎configure.ac
+1-1 b/‎configure.ac
+1-1
diff --git a/‎sesman/libscp/libscp_types.h
+4 b/‎sesman/libscp/libscp_types.h
+4
@@ -1,3 +1,17 @@
+# Release notes for xrdp v0.9.13.1 (2020/06/30)
+
+This is a security fix release that includes fixes for the following local buffer overflow vulnerability.
+
+* [CVE-2022-4044: Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044)
+
+This update is recommended for all xrdp users.
+
+## Special thanks
+
+Thanks to [Ashley Newson](https://github.com/ashleynewson) reporting the vulnerability and reviewing fix.
+
+-----------------------
+
 # Release notes for xrdp v0.9.13 (2020/03/11)
 
 This release is an intermediate bugfix release. The previous version v0.9.12 has some regressions on drive redirection.
@@ -111,7 +125,7 @@ Thank you for matt335672 contributing to lots of improvements in drive redirecti
 
 -----------------------
 
-## Release notes for xrdp v0.9.9 (2018/12/25)
+# Release notes for xrdp v0.9.9 (2018/12/25)
 
 ## Release cycle
 From the next release, release cycle will be changed from quarterly to every
 
@@ -2,7 +2,7 @@
 [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/neutrinolabs/xrdp-questions)
 ![Apache-License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)
 
-*Current Version:* 0.9.13
+*Current Version:* 0.9.13.1
 
 # xrdp - an open source RDP server
 
 
@@ -1,7 +1,7 @@
 # Process this file with autoconf to produce a configure script
 
 AC_PREREQ(2.65)
-AC_INIT([xrdp], [0.9.13], [[email protected]])
+AC_INIT([xrdp], [0.9.13.1], [[email protected]])
 AC_CONFIG_HEADERS(config_ac.h:config_ac-h.in)
 AM_INIT_AUTOMAKE([1.7.2 foreign])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -59,6 +59,10 @@
 
 #include "libscp_types_mng.h"
 
+/* Max server incoming and outgoing message size, used to stop memory
+   exhaustion attempts (CVE-2020-4044) */
+#define SCP_MAX_MESSAGE_SIZE 8192
+
 struct SCP_CONNECTION
 {
   int in_sck;
Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,10 @@`
`59`	`59`
`60`	`60`	`#include "libscp_types_mng.h"`
`61`	`61`
	`62`	`+/* Max server incoming and outgoing message size, used to stop memory`
	`63`	`+ exhaustion attempts (CVE-2020-4044) */`
	`64`	`+#define SCP_MAX_MESSAGE_SIZE 8192`
	`65`	`+`
`62`	`66`	`struct SCP_CONNECTION`
`63`	`67`	`{`
`64`	`68`	`int in_sck;`