Accepted x2goclient 4.1.2.1-4 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 21 Dec 2019 17:56:23 +0100
Source: x2goclient
Architecture: source
Version: 4.1.2.1-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 947129
Changes:
x2goclient (4.1.2.1-4) unstable; urgency=medium
.
* debian/patches:
+ Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
based Windows solution for Kerberos support), but newer libssh versions
with the CVE-2019-14889 also interpret paths as literal strings.
(Closes: #947129).
Checksums-Sha1:
e5a05985b48ac351cbea110711a29fb621a66ef6 2489 x2goclient_4.1.2.1-4.dsc
dbc1e27d7d30127ff176b911193c6a6f2e13c95c 24068 x2goclient_4.1.2.1-4.debian.tar.xz
c7bad695f3d3499f83beafed23fdf135f5a04c87 13021 x2goclient_4.1.2.1-4_source.buildinfo
Checksums-Sha256:
21f9d6a71ba016003a6161aa8df366c25e2945f5a80f395df49bbfe210770fda 2489 x2goclient_4.1.2.1-4.dsc
986ada1ef922176baaff8bbde2e264e24153ce9fac962daa3d88694b99c73280 24068 x2goclient_4.1.2.1-4.debian.tar.xz
f8a0d0140c1ff0ac4245afa6597cc3e292a585fa8531bc01ceff50ac682b226a 13021 x2goclient_4.1.2.1-4_source.buildinfo
Files:
ab88fa360d9297e67679e76c4834a5fc 2489 x11 optional x2goclient_4.1.2.1-4.dsc
bee88899ce4b13b1022ee44dc1bac673 24068 x11 optional x2goclient_4.1.2.1-4.debian.tar.xz
300fa8976876634b8de6d96eb2b817eb 13021 x11 optional x2goclient_4.1.2.1-4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl3+VE4VHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsx3dMP/iCSggpg5jtShOGo0VPNvu67cz1j
e0M0UO9uMjcu95hTeCySITbHKblQKB/VPgD910rW9dD9igGf/enM3Qg2ue0iY7Dt
d2ERKCZEZRum98+O9S1aMwQZypZEAxpGIe4xC5gItYqclBPnqTg9UadXP35DBmNf
3p4cUCwfAmFdi0Pz7m6NmDZ3H/1PoOH303d2+IdfndD6iZe+if45nEJfCganC5Fd
FFrUr+Bt1URGaN1/Gy8bMiRTfP+NXamyL7Yc2KCfxBAaARIZWrjO2yHff6OY2oPM
etnoJOUmFP6vtbiLhcconfXe+kYpOL0smlQp0CeK3PAGQkkqizKqk1i3FDU/PvCD
2pIUJvhV7Rhnbr2bG66VfT3mr3ekcoJynXOlLGEFqKsHtIu3xoOBWHbLoy8ouSwc
WK9A+eyBwKa2A4BF9f9W82ymZrHYP2BbA2nbpDhjEjIpjFR8a0tFEMCByIeXgGzo
2QNbG1crA7BwISbWR1cF/NmYxbNb0OpZYGuR6rFnxLARmEwfO+19AaFj385z05yJ
OAFHsqXBkUqm9Xwp8jfLsenOj1xK5vefiO1XC6JDwgi4vFf7X8TM6HXyBbPORiPT
79WRbvPV3mwzv+ifiVV3w6rwkwbowr2zvagEWXWYSQZ1RzaBD9wTDwJwt5Y1Mttr
Pm/Y+/yzQLtZ7KAb
=ovSJ
-----END PGP SIGNATURE-----