[ubuntu/eoan-proposed] x2goclient 4.1.2.1-2ubuntu0.19.10.1 (Accepted)

Mike Gabriel sunweaver at debian.org
Fri Jan 24 16:47:25 UTC 2020 

x2goclient (4.1.2.1-2ubuntu0.19.10.1) eoan; urgency=medium

  * debian/patches:
    + Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
      strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
      in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
      based Windows solution for Kerberos support), but newer libssh versions
      with the CVE-2019-14889 also interpret paths as literal strings.
      (LP: #1856795).

Date: Wed, 25 Dec 2019 21:11:41 +0100
Changed-By: Mike Gabriel <sunweaver at debian.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Graham Inggs <graham.inggs+ubuntu at gmail.com>
https://launchpad.net/ubuntu/+source/x2goclient/4.1.2.1-2ubuntu0.19.10.1
-------------- next part --------------
Format: 1.8
Date: Wed, 25 Dec 2019 21:11:41 +0100
Source: x2goclient
Architecture: source
Version: 4.1.2.1-2ubuntu0.19.10.1
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Mike Gabriel <sunweaver at debian.org>
Launchpad-Bugs-Fixed: 1856795
Changes:
 x2goclient (4.1.2.1-2ubuntu0.19.10.1) eoan; urgency=medium
 .
   * debian/patches:
     + Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
       strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
       in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
       based Windows solution for Kerberos support), but newer libssh versions
       with the CVE-2019-14889 also interpret paths as literal strings.
       (LP: #1856795).
Checksums-Sha1:
 9e799304925cd0772120b0d19c9228401584089e 2602 x2goclient_4.1.2.1-2ubuntu0.19.10.1.dsc
 533e873ed8cbf1fdf5bbbd69047ddf6436aa61fe 23844 x2goclient_4.1.2.1-2ubuntu0.19.10.1.debian.tar.xz
 245451d83363502319eee215b3cf8a8602451b16 13764 x2goclient_4.1.2.1-2ubuntu0.19.10.1_source.buildinfo
Checksums-Sha256:
 e426e1a96133f173ba3913d3ef1f8ecae3b457744586b33e3d3bab036f551f22 2602 x2goclient_4.1.2.1-2ubuntu0.19.10.1.dsc
 64b17a2a5149aa8b89f81809a433c5dc3d0030138d82261da0f29bbd5b8c47d8 23844 x2goclient_4.1.2.1-2ubuntu0.19.10.1.debian.tar.xz
 d624e7a6498b2c5a6d0f36ab124f5c5e2f12572ae2a3a2a0c4985fdb896028d7 13764 x2goclient_4.1.2.1-2ubuntu0.19.10.1_source.buildinfo
Files:
 481b6e1eb963971fc31802b53b7e0aea 2602 x11 optional x2goclient_4.1.2.1-2ubuntu0.19.10.1.dsc
 f63aef5eee5cb9b9b36a18f06d467095 23844 x11 optional x2goclient_4.1.2.1-2ubuntu0.19.10.1.debian.tar.xz
 9ee01004d0092c4f17428d03ce3e63ad 13764 x11 optional x2goclient_4.1.2.1-2ubuntu0.19.10.1_source.buildinfo
Original-Maintainer: Debian Remote Maintainers <pkg-remote-team at lists.alioth.debian.org>

More information about the Eoan-changes mailing list