Hi Michael, On Mo 31 Mär 2014 15:19:07 CEST, Michael DePaulo wrote:
The latest version of VcXsrv, 1.15.0, contains the vulnerability CVE-2013-6462 in the component libXfont 1.4.6. The vulnerability is fixed in libXfont 1.4.7 and VcXsrv's master branch contains that update/fix. I just sent the VcXsrv developer "marha" a message through SourceForge.net. I am hoping he will respond soon. I would like to avoid releasing X2Go Client 4.0.2.0 with the vulnerable VcXsrv if at all possible. As I mentioned below, I'll try to compile VcXsrv's master branch if he will not release a new VcXsrv soon. I will also try to compile the master this evening if he does not respond by then. -Mike
are you sure you want to dive into building VcXsrv? We can also wait a little more to get that fixed by marha.
Or we could release and provide builds for Win32 a little later.On the other hand, it problable might be a benefit to be in charge of your own VcXsrv builds. Maybe not now, but maybe later.
Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpODqjhzIAse.pgp
Description: Digitale PGP-Signatur
_______________________________________________ X2Go-Dev mailing list X2Go-Dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev