x2goclient (4.0.5.1-1ubuntu0.16.04.1) xenial; urgency=medium
* debian/patches:
+ Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
based Windows solution for Kerberos support), but newer libssh versions
with the CVE-2019-14889 also interpret paths as literal strings.
(LP: #1856795).
Date: 2020-01-02 09:38:08.035765+00:00
Changed-By: Mike Gabriel <[email protected]>
Signed-By: Łukasz Zemczak <[email protected]>
https://launchpad.net/ubuntu/+source/x2goclient/4.0.5.1-1ubuntu0.16.04.1
Sorry, changesfile not available.
--
Xenial-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
