Publishing details
Changelog
x2goclient (4.0.5.2-2+deb9u1) stretch; urgency=medium
* debian/patches:
+ Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
based Windows solution for Kerberos support), but newer libssh versions
with the CVE-2019-14889 also interpret paths as literal strings.
(Closes: #947129).
-- Mike Gabriel <email address hidden> Sun, 22 Dec 2019 14:53:58 +0100
Builds
Package files