[ubuntu/bionic-proposed] x2goclient 4.1.1.1-2ubuntu0.18.04.1 (Accepted)

Mike Gabriel sunweaver at debian.org
Fri Jan 24 16:47:26 UTC 2020 

x2goclient (4.1.1.1-2ubuntu0.18.04.1) bionic; urgency=medium

  * debian/patches:
    + Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
      strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
      in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
      based Windows solution for Kerberos support), but newer libssh versions
      with the CVE-2019-14889 also interpret paths as literal strings.
      (LP: #1856795).

Date: Wed, 25 Dec 2019 21:11:41 +0100
Changed-By: Mike Gabriel <sunweaver at debian.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Graham Inggs <graham.inggs+ubuntu at gmail.com>
https://launchpad.net/ubuntu/+source/x2goclient/4.1.1.1-2ubuntu0.18.04.1
-------------- next part --------------
Format: 1.8
Date: Wed, 25 Dec 2019 21:11:41 +0100
Source: x2goclient
Architecture: source
Version: 4.1.1.1-2ubuntu0.18.04.1
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Mike Gabriel <sunweaver at debian.org>
Launchpad-Bugs-Fixed: 1856795
Changes:
 x2goclient (4.1.1.1-2ubuntu0.18.04.1) bionic; urgency=medium
 .
   * debian/patches:
     + Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
       strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
       in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
       based Windows solution for Kerberos support), but newer libssh versions
       with the CVE-2019-14889 also interpret paths as literal strings.
       (LP: #1856795).
Checksums-Sha1:
 9442d148e3d59d98ffe572a8d0336587476e6fee 2601 x2goclient_4.1.1.1-2ubuntu0.18.04.1.dsc
 9bc3d07ecc02b6c763db8a41e5e0cd1ba6bb297c 24416 x2goclient_4.1.1.1-2ubuntu0.18.04.1.debian.tar.xz
 45c6c8c61f3fa9e8c0af1e16bc3e2004fcc55b65 13764 x2goclient_4.1.1.1-2ubuntu0.18.04.1_source.buildinfo
Checksums-Sha256:
 c176e9635ee3a191a003ff9ef5cb272489b439ee82cf08d2497bdd35067f5f05 2601 x2goclient_4.1.1.1-2ubuntu0.18.04.1.dsc
 7782fa568803acd4abf9dade02eeb56a10c013eef3a51591276309bd7e533cb5 24416 x2goclient_4.1.1.1-2ubuntu0.18.04.1.debian.tar.xz
 80b6340afc8ec1fc061e319de8cc0917038f7d70e306a0acacb83da1c9d4f428 13764 x2goclient_4.1.1.1-2ubuntu0.18.04.1_source.buildinfo
Files:
 147b9f31722a9c5ea70113a98a8f828b 2601 x11 optional x2goclient_4.1.1.1-2ubuntu0.18.04.1.dsc
 d495330a17decae439d3fbdd7a9042ae 24416 x11 optional x2goclient_4.1.1.1-2ubuntu0.18.04.1.debian.tar.xz
 b19629b1a69cde784c5c4ed7c915facb 13764 x11 optional x2goclient_4.1.1.1-2ubuntu0.18.04.1_source.buildinfo
Original-Maintainer: Debian Remote Maintainers <pkg-remote-team at lists.alioth.debian.org>

More information about the Bionic-changes mailing list