[ubuntu/xenial-proposed] x2goclient 4.0.5.1-1ubuntu0.16.04.1 (Accepted)

Mike Gabriel sunweaver at debian.org
Fri Jan 24 16:47:27 UTC 2020 

x2goclient (4.0.5.1-1ubuntu0.16.04.1) xenial; urgency=medium

  * debian/patches:
    + Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
      strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
      in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
      based Windows solution for Kerberos support), but newer libssh versions
      with the CVE-2019-14889 also interpret paths as literal strings.
      (LP: #1856795).

Date: Wed, 25 Dec 2019 21:11:41 +0100
Changed-By: Mike Gabriel <sunweaver at debian.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Graham Inggs <graham.inggs+ubuntu at gmail.com>
https://launchpad.net/ubuntu/+source/x2goclient/4.0.5.1-1ubuntu0.16.04.1
-------------- next part --------------
Format: 1.8
Date: Wed, 25 Dec 2019 21:11:41 +0100
Source: x2goclient
Architecture: source
Version: 4.0.5.1-1ubuntu0.16.04.1
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Mike Gabriel <sunweaver at debian.org>
Launchpad-Bugs-Fixed: 1856795
Changes:
 x2goclient (4.0.5.1-1ubuntu0.16.04.1) xenial; urgency=medium
 .
   * debian/patches:
     + Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
       strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
       in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
       based Windows solution for Kerberos support), but newer libssh versions
       with the CVE-2019-14889 also interpret paths as literal strings.
       (LP: #1856795).
Checksums-Sha1:
 d0b3015db2f9edf2d33fa4753361ea4c73f79577 2506 x2goclient_4.0.5.1-1ubuntu0.16.04.1.dsc
 003dcec9c950a37645a8e78d10826b34ad6ac413 19384 x2goclient_4.0.5.1-1ubuntu0.16.04.1.debian.tar.xz
 e1358759e6ab6e038dd0d89ea4189673b02fa710 10611 x2goclient_4.0.5.1-1ubuntu0.16.04.1_source.buildinfo
Checksums-Sha256:
 a06dbff144c4cf58a8e3f91977dcb84a6437830c9343f012561b9731717f345c 2506 x2goclient_4.0.5.1-1ubuntu0.16.04.1.dsc
 a70ef4b6ccc7fd2a02ca3b3b5ca711ab8636a11b292a7f15b85d1873380d1869 19384 x2goclient_4.0.5.1-1ubuntu0.16.04.1.debian.tar.xz
 e35c7b6e6ab67c6a6313e258c2d5079e763fceedf5c1c13fe316201e7fc795bc 10611 x2goclient_4.0.5.1-1ubuntu0.16.04.1_source.buildinfo
Files:
 f3af48d5bd50ecaee339fb0c50a807f6 2506 x11 extra x2goclient_4.0.5.1-1ubuntu0.16.04.1.dsc
 14b1ef587af7ebd7063d6ccda2951d68 19384 x11 extra x2goclient_4.0.5.1-1ubuntu0.16.04.1.debian.tar.xz
 a41615e9f774b50dfdf36cdd3c6608ad 10611 x11 extra x2goclient_4.0.5.1-1ubuntu0.16.04.1_source.buildinfo
Original-Maintainer: X2Go Packaging Team <pkg-x2go-devel at lists.alioth.debian.org>

More information about the Xenial-changes mailing list