#1429 - Tilde expansion no longer performed by libssh after CVE-2019-14889

Reported by: Sylvain Cuaz <sylvain@ilm-informatique.fr>

Date: Fri, 20 Dec 2019 17:25:01 UTC

Severity: normal

Tags: pending

Merged with 1428

Found in version 4.1.2.1

Fixed in version 4.1.2.2

Done: X2Go Release Manager X2Go Release Manager <git-admin@x2go.org>

Bug is archived. No further changes may be made.

X-Loop: owner@bugs.x2go.org
Subject: Bug#1429: [X2Go-Dev] Bug#1429: Tilde expansion no longer performed by libssh after CVE-2019-14889
Reply-To: Sylvain Cuaz <sylvain@ilm-informatique.fr>, 1429@bugs.x2go.org
Resent-From: Sylvain Cuaz <sylvain@ilm-informatique.fr>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Fri, 20 Dec 2019 20:45:02 +0000
Resent-Message-ID: <handler.1429.B1429.15768746532034@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 1429
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: pending
References: <cd6dd615-289f-6914-7668-9190b8aca97e@ilm-informatique.fr> <5c04ddf5-0cb9-eff2-0346-d37115f7c07e@ionic.de> <cd6dd615-289f-6914-7668-9190b8aca97e@ilm-informatique.fr>
Received: via spool by 1429-submit@bugs.x2go.org id=B1429.15768746532034
          (code B ref 1429); Fri, 20 Dec 2019 20:45:02 +0000
Received: (at 1429) by bugs.x2go.org; 20 Dec 2019 20:44:13 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham
	autolearn_force=no version=3.4.2
Received: from 20.mo6.mail-out.ovh.net (20.mo6.mail-out.ovh.net [178.32.124.17])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 5D8695DAE7
	for <1429@bugs.x2go.org>; Fri, 20 Dec 2019 21:44:10 +0100 (CET)
Received: from player711.ha.ovh.net (unknown [10.108.16.182])
	by mo6.mail-out.ovh.net (Postfix) with ESMTP id 06DB01F5DD9
	for <1429@bugs.x2go.org>; Fri, 20 Dec 2019 21:44:09 +0100 (CET)
Received: from ilm-informatique.fr (38.233.153.77.rev.sfr.net [77.153.233.38])
	(Authenticated sender: sylvain@ilm-informatique.fr)
	by player711.ha.ovh.net (Postfix) with ESMTPSA id 5D141D6EFA39;
	Fri, 20 Dec 2019 20:44:08 +0000 (UTC)
To: Mihai Moldovan <ionic@ionic.de>, 1429@bugs.x2go.org
From: Sylvain Cuaz <sylvain@ilm-informatique.fr>
Message-ID: <b882be92-77f8-50fb-15d0-4209418782d2@ilm-informatique.fr>
Date: Fri, 20 Dec 2019 21:44:07 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.2.2
MIME-Version: 1.0
In-Reply-To: <5c04ddf5-0cb9-eff2-0346-d37115f7c07e@ionic.de>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: fr
X-Ovh-Tracer-Id: 3645945377423568677
X-VR-SPAMSTATE: OK
X-VR-SPAMSCORE: 0
X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedufedrvddufedgudefkecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecunecujfgurhepuffvfhfhkffffgggjggtgfesthekredttdefjeenucfhrhhomhepufihlhhvrghinhcuvehurgiiuceoshihlhhvrghinhesihhlmhdqihhnfhhorhhmrghtihhquhgvrdhfrheqnecuffhomhgrihhnpehusghunhhtuhdrtghomhdplhhisghsshhhrdhorhhgnecukfhppedtrddtrddtrddtpdejjedrudehfedrvdeffedrfeeknecurfgrrhgrmhepmhhouggvpehsmhhtphdqohhuthdphhgvlhhopehplhgrhigvrhejuddurdhhrgdrohhvhhdrnhgvthdpihhnvghtpedtrddtrddtrddtpdhmrghilhhfrhhomhepshihlhhvrghinhesihhlmhdqihhnfhhorhhmrghtihhquhgvrdhfrhdprhgtphhtthhopedugedvleessghughhsrdigvdhgohdrohhrghenucevlhhushhtvghrufhiiigvpedt

X2Go Bug report logs - #1429 Tilde expansion no longer performed by libssh after CVE-2019-14889

X2Go Bug report logs - #1429
Tilde expansion no longer performed by libssh after CVE-2019-14889