[ubuntu/xenial-proposed] x2goclient 4.0.5.1-1ubuntu0.16.04.1 (Accepted)

Fri, 24 Jan 2020 08:48:05 -0800 

x2goclient (4.0.5.1-1ubuntu0.16.04.1) xenial; urgency=medium

  * debian/patches:
    + Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
      strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
      in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
      based Windows solution for Kerberos support), but newer libssh versions
      with the CVE-2019-14889 also interpret paths as literal strings.
      (LP: #1856795).

Date: Wed, 25 Dec 2019 21:11:41 +0100
Changed-By: Mike Gabriel <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
Signed-By: Graham Inggs <[email protected]>
https://launchpad.net/ubuntu/+source/x2goclient/4.0.5.1-1ubuntu0.16.04.1

Format: 1.8
Date: Wed, 25 Dec 2019 21:11:41 +0100
Source: x2goclient
Architecture: source
Version: 4.0.5.1-1ubuntu0.16.04.1
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Mike Gabriel <[email protected]>
Launchpad-Bugs-Fixed: 1856795
Changes:
 x2goclient (4.0.5.1-1ubuntu0.16.04.1) xenial; urgency=medium
 .
   * debian/patches:
     + Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
       strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
       in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
       based Windows solution for Kerberos support), but newer libssh versions
       with the CVE-2019-14889 also interpret paths as literal strings.
       (LP: #1856795).
Checksums-Sha1:
 d0b3015db2f9edf2d33fa4753361ea4c73f79577 2506 
x2goclient_4.0.5.1-1ubuntu0.16.04.1.dsc
 003dcec9c950a37645a8e78d10826b34ad6ac413 19384 
x2goclient_4.0.5.1-1ubuntu0.16.04.1.debian.tar.xz
 e1358759e6ab6e038dd0d89ea4189673b02fa710 10611 
x2goclient_4.0.5.1-1ubuntu0.16.04.1_source.buildinfo
Checksums-Sha256:
 a06dbff144c4cf58a8e3f91977dcb84a6437830c9343f012561b9731717f345c 2506 
x2goclient_4.0.5.1-1ubuntu0.16.04.1.dsc
 a70ef4b6ccc7fd2a02ca3b3b5ca711ab8636a11b292a7f15b85d1873380d1869 19384 
x2goclient_4.0.5.1-1ubuntu0.16.04.1.debian.tar.xz
 e35c7b6e6ab67c6a6313e258c2d5079e763fceedf5c1c13fe316201e7fc795bc 10611 
x2goclient_4.0.5.1-1ubuntu0.16.04.1_source.buildinfo
Files:
 f3af48d5bd50ecaee339fb0c50a807f6 2506 x11 extra 
x2goclient_4.0.5.1-1ubuntu0.16.04.1.dsc
 14b1ef587af7ebd7063d6ccda2951d68 19384 x11 extra 
x2goclient_4.0.5.1-1ubuntu0.16.04.1.debian.tar.xz
 a41615e9f774b50dfdf36cdd3c6608ad 10611 x11 extra 
x2goclient_4.0.5.1-1ubuntu0.16.04.1_source.buildinfo
Original-Maintainer: X2Go Packaging Team 
<[email protected]>

-- 
Xenial-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

Reply via email to