Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.
Reported by: "Peter O'Regan" <peteroregan@gmail.com>
Date: Tue, 31 Jan 2023 19:25:02 UTC
Severity: normal
Found in version 4.1.2.2-2020.02.13
Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):
Received: (at submit) by bugs.x2go.org; 31 Jan 2023 19:20:39 +0000
From peteroregan@gmail.com Tue Jan 31 20:20:35 2023
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
ymir.das-netzwerkteam.de
X-Spam-Level:
X-Spam-Status: No, score=0.7 required=3.0 tests=BAYES_50,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2
Received: from mail-pg1-x52f.google.com (mail-pg1-x52f.google.com [IPv6:2607:f8b0:4864:20::52f])
by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 06A5D5DAED
for <submit@bugs.x2go.org>; Tue, 31 Jan 2023 20:20:35 +0100 (CET)
Received: by mail-pg1-x52f.google.com with SMTP id g68so10786014pgc.11
for <submit@bugs.x2go.org>; Tue, 31 Jan 2023 11:20:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=IMxZmDY0GmLxRFa+OaRJPJZaVfZG7h93gJd9zamAcRY=;
b=itM5AMIyWRwBiCmTp1YcO2SFmV1y649ljBcbLCKIYZlCLKAv31QPuYg/wiIxvlNLb2
BAx1G3Q3SlcXO7N9Bjsb/P3PWPNGYcV5nw/QXPgxWD5asSvdZKr+xxncTbW7aXcmeEcw
/yU1ZF1jhQamsSN1YM7jCN2g6pJSgSo2GMFoR3weaOymGk1eV518qaumknhKYLRX569c
H8O3xnaXw37cUcBwCcqvh45IEvcXqWYIaIpyI2JGeIUKFPNGVOkIeAIuxOtokVLQC9uC
pXNz6lbhFFSHO5Rr3JuquMnSVgY8JnCHKflnJbqnh9aDl4GIe3r1n316D/ux2HxXP77L
QItA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=IMxZmDY0GmLxRFa+OaRJPJZaVfZG7h93gJd9zamAcRY=;
b=rGupx0Ny9UYhB+1eK9DoOKwPIzbzKxI4VsyoQiGq9nJs+7zQB8opySERo/Uw6A/DYe
pMJoZjYYoqfMtkxiYLXRDBTtqwYvNrjFlQLkD60jFZ6J4l3QfCkxqPwPFIqmXwF8p2rM
k/d9x++YOrP/ZTt3VGl4WtaRug7PLoBQuKOwmRCjFELl6niygBKdghZMQAFa8p5b5i7E
/7bY0wJpOYK6hCM8M0D1FTZv5YsDa1BUASzorcMUpo1RGm0bybLLHAQQ+7iQZW09aD/i
ZOyrjoyN29QYiHDKim8ujihMNu+CeS2+4ePjPgxNAacUL//YqKk+kfnZVL5fMS8mmcgI
gLyw==
X-Gm-Message-State: AO0yUKVpvBIS31IpsjkmaNBof42rIfi81BRISZvY5Kj12tLGtMcfOUTC
vXtOIQhSfVPwz/u33Yhc1eWeYiBvNigfr0zkKyAEsUZS
X-Google-Smtp-Source: AK7set+TZXdoj4L4k6OhG1riDqB0i0n6Wv9YZKyrpnD1reS3FBpc6KU2xb+1yjuj1yIc0dufx0L68gcSrfJ6Y7Gj+1o=
X-Received: by 2002:aa7:98c7:0:b0:593:9891:f86a with SMTP id
e7-20020aa798c7000000b005939891f86amr2177297pfm.53.1675192832147; Tue, 31 Jan
2023 11:20:32 -0800 (PST)
MIME-Version: 1.0
From: "Peter O'Regan" <peteroregan@gmail.com>
Date: Tue, 31 Jan 2023 14:20:21 -0500
Message-ID: <CAB0Xt5CFmtzhHxZi4vABn4jg6XCYbL0wxHVU8rofso3SaMaHag@mail.gmail.com>
Subject: Possible security vulnerability: x2goclient crashes calling
ssh-keygen due to unsanitized arguments
To: submit@bugs.x2go.org
Content-Type: multipart/alternative; boundary="000000000000b0cdef05f3943947"
[Message part 1 (text/plain, inline)]
[Message part 2 (text/html, inline)]
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.