[ubuntu/eoan-updates] x2goclient 4.1.2.1-2ubuntu0.19.10.1 (Accepted)

Mon Feb 3 12:31:40 UTC 2020

x2goclient (4.1.2.1-2ubuntu0.19.10.1) eoan; urgency=medium

  * debian/patches:
    + Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
      strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
      in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
      based Windows solution for Kerberos support), but newer libssh versions
      with the CVE-2019-14889 also interpret paths as literal strings.
      (LP: #1856795).

Date: 2020-01-02 09:38:13.776692+00:00
Changed-By: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/x2goclient/4.1.2.1-2ubuntu0.19.10.1
-------------- next part --------------
Sorry, changesfile not available.