From mikedep333@gmail.com Fri Feb 26 14:58:07 2016 Received: (at submit) by bugs.x2go.org; 26 Feb 2016 13:58:09 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.7 required=3.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 95BD23BC4C for ; Fri, 26 Feb 2016 14:58:07 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QXUowULt8JAE for ; Fri, 26 Feb 2016 14:58:01 +0100 (CET) Received: from mail-io0-f180.google.com (mail-io0-f180.google.com [209.85.223.180]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 1CF253BC4B for ; Fri, 26 Feb 2016 14:58:01 +0100 (CET) Received: by mail-io0-f180.google.com with SMTP id l127so122343639iof.3 for ; Fri, 26 Feb 2016 05:58:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to; bh=3CXS9AWjyA6q8dG8JEnZ1b8m9MEh+HaJvbw7hS/uFOI=; b=Ltez0dkWpzIdICkn4rzk1VnlHom9NKkr+v2k8U/8cdh+wZxbpYC1Tr+aOjYe9MBW4V 1rseLvO64k1ymVi3AIqSYqVw+hSt1DDwOz0eX8aRoXuX2tDoG25AHDvzHORZICzur4fV RBWyFHZ3z5UWvscF9kh3cJVieJsqb04s1Y24KJ5OlyEhQaJKe2JIyUA4zt2I9wwBcEzE 4rE/crtiVCSuTmeYy21zSnzOBvqyzSHYMWfysMsjp1n/2h1XqWH1PaT1TJNCZkAUPgWw 0tAZZ0XgKpE8U7wMsL7GmwEVqSkAgEhg4IImrHdVLbkOB82Jj0fDw+IhrDEmVGd62kRj Wyxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to; bh=3CXS9AWjyA6q8dG8JEnZ1b8m9MEh+HaJvbw7hS/uFOI=; b=LkY6EUdfOE8BYur94JLHPqNGqg4+4/DXVkbwengwsHFzyTkN5rBQha2Ybt5aL7l3OA +Hy0sBxqMheXW3b47rImjt+5Vc9bgPNPiFH+5JKVIokIKjS0o+3uVeeCD3E4kLcDULBr Rm9846INV/QEMGsGnRICPwR0M9MpEabZf35+wpfeaj9mvn7Buxwx+/UjLmjP/pYScKJI MzIkymc13P9cArVgYt86xADQftQ70eg1e35xiNKaCikJspeiY8wsthDyZEjIgJ6xsgXa tmvHuupDB1oudksspVorGr/kx5W1DHdcGssaaCI6hdVs3A6U9uKQlp5lL+N3B6nOUr+w Qrpw== X-Gm-Message-State: AG10YOSd4HDDt1qX5XN4RAFlGlF/k77W1guIICGUwdmjZymjXLzrIWpBS1bc/eQMfPwC6atwp+gjpmMTOzBCSw== MIME-Version: 1.0 X-Received: by 10.107.19.221 with SMTP id 90mr9719495iot.24.1456495079839; Fri, 26 Feb 2016 05:57:59 -0800 (PST) Received: by 10.107.55.69 with HTTP; Fri, 26 Feb 2016 05:57:59 -0800 (PST) Date: Fri, 26 Feb 2016 08:57:59 -0500 Message-ID: Subject: Windows: Update libssh to 0.7.3 to fix CVE-2016-0739 From: Mike DePaulo To: "submit@bugs.x2go.org" Content-Type: text/plain; charset=UTF-8 package: x2goclient version: 4.0.5.0 tags: build-win32 You can read about CVE-2016-0739 here: https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/ This bug is specifically for X2Go Client for Windows because X2Go Client uses a patched version of libssh. The patch is here: http://code.x2go.org/gitweb?p=x2goclient-contrib.git;a=blob_plain;f=libssh/0.7.0-x2go1-mingw482_src/0001-Port-KDE-for-WIndows-s-Pageant-patch-0001-implement-.patch;hb=HEAD