X2Go Bug report logs - #1004
Windows: Update libssh to 0.7.3 to fix CVE-2016-0739

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Mike DePaulo <mikedep333@gmail.com>

Date: Fri, 26 Feb 2016 14:00:02 UTC

Severity: normal

Tags: build-win32

Found in version 4.0.5.0

Full log


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

Received: (at submit) by bugs.x2go.org; 26 Feb 2016 13:58:09 +0000
From mikedep333@gmail.com  Fri Feb 26 14:58:07 2016
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.7 required=3.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,URIBL_BLOCKED autolearn=ham
	version=3.3.2
Received: from localhost (localhost [127.0.0.1])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 95BD23BC4C
	for <submit@bugs.x2go.org>; Fri, 26 Feb 2016 14:58:07 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id QXUowULt8JAE for <submit@bugs.x2go.org>;
	Fri, 26 Feb 2016 14:58:01 +0100 (CET)
Received: from mail-io0-f180.google.com (mail-io0-f180.google.com [209.85.223.180])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 1CF253BC4B
	for <submit@bugs.x2go.org>; Fri, 26 Feb 2016 14:58:01 +0100 (CET)
Received: by mail-io0-f180.google.com with SMTP id l127so122343639iof.3
        for <submit@bugs.x2go.org>; Fri, 26 Feb 2016 05:58:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to;
        bh=3CXS9AWjyA6q8dG8JEnZ1b8m9MEh+HaJvbw7hS/uFOI=;
        b=Ltez0dkWpzIdICkn4rzk1VnlHom9NKkr+v2k8U/8cdh+wZxbpYC1Tr+aOjYe9MBW4V
         1rseLvO64k1ymVi3AIqSYqVw+hSt1DDwOz0eX8aRoXuX2tDoG25AHDvzHORZICzur4fV
         RBWyFHZ3z5UWvscF9kh3cJVieJsqb04s1Y24KJ5OlyEhQaJKe2JIyUA4zt2I9wwBcEzE
         4rE/crtiVCSuTmeYy21zSnzOBvqyzSHYMWfysMsjp1n/2h1XqWH1PaT1TJNCZkAUPgWw
         0tAZZ0XgKpE8U7wMsL7GmwEVqSkAgEhg4IImrHdVLbkOB82Jj0fDw+IhrDEmVGd62kRj
         Wyxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:date:message-id:subject:from:to;
        bh=3CXS9AWjyA6q8dG8JEnZ1b8m9MEh+HaJvbw7hS/uFOI=;
        b=LkY6EUdfOE8BYur94JLHPqNGqg4+4/DXVkbwengwsHFzyTkN5rBQha2Ybt5aL7l3OA
         +Hy0sBxqMheXW3b47rImjt+5Vc9bgPNPiFH+5JKVIokIKjS0o+3uVeeCD3E4kLcDULBr
         Rm9846INV/QEMGsGnRICPwR0M9MpEabZf35+wpfeaj9mvn7Buxwx+/UjLmjP/pYScKJI
         MzIkymc13P9cArVgYt86xADQftQ70eg1e35xiNKaCikJspeiY8wsthDyZEjIgJ6xsgXa
         tmvHuupDB1oudksspVorGr/kx5W1DHdcGssaaCI6hdVs3A6U9uKQlp5lL+N3B6nOUr+w
         Qrpw==
X-Gm-Message-State: AG10YOSd4HDDt1qX5XN4RAFlGlF/k77W1guIICGUwdmjZymjXLzrIWpBS1bc/eQMfPwC6atwp+gjpmMTOzBCSw==
MIME-Version: 1.0
X-Received: by 10.107.19.221 with SMTP id 90mr9719495iot.24.1456495079839;
 Fri, 26 Feb 2016 05:57:59 -0800 (PST)
Received: by 10.107.55.69 with HTTP; Fri, 26 Feb 2016 05:57:59 -0800 (PST)
Date: Fri, 26 Feb 2016 08:57:59 -0500
Message-ID: <CAMKht8hoYow-ka5Y9SV0koEaNPrapYYbzq6--j96MWiDJ8VPEQ@mail.gmail.com>
Subject: Windows: Update libssh to 0.7.3 to fix CVE-2016-0739
From: Mike DePaulo <mikedep333@gmail.com>
To: "submit@bugs.x2go.org" <submit@bugs.x2go.org>
Content-Type: text/plain; charset=UTF-8
package: x2goclient
version: 4.0.5.0
tags: build-win32

You can read about CVE-2016-0739 here:
https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/

This bug is specifically for X2Go Client for Windows because X2Go
Client uses a patched version of libssh. The patch is here:
http://code.x2go.org/gitweb?p=x2goclient-contrib.git;a=blob_plain;f=libssh/0.7.0-x2go1-mingw482_src/0001-Port-KDE-for-WIndows-s-Pageant-patch-0001-implement-.patch;hb=HEAD


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Mar 28 14:04:47 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.