Accepted x2goclient 4.1.2.1-2+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 21 Dec 2019 18:22:22 +0100
Source: x2goclient
Architecture: source
Version: 4.1.2.1-2+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Remote Maintainers <pkg-remote-team@lists.alioth.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 947129
Changes:
x2goclient (4.1.2.1-2+deb10u1) buster; urgency=medium
.
* debian/patches:
+ Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
based Windows solution for Kerberos support), but newer libssh versions
with the CVE-2019-14889 also interpret paths as literal strings.
(Closes: #947129).
Checksums-Sha1:
df8f3fc84a7b0bd388803200c4057e15f0a3ac32 2524 x2goclient_4.1.2.1-2+deb10u1.dsc
b880847bce015331fcb2b62bbeda29194068b510 23976 x2goclient_4.1.2.1-2+deb10u1.debian.tar.xz
b3987af3dad42f6ff3f6b04bc0424d745dd736f1 13293 x2goclient_4.1.2.1-2+deb10u1_source.buildinfo
Checksums-Sha256:
655c0a02eb93c4ac1547969d3eb8d0e57c0a2802748a5b1aec45d152f45dede7 2524 x2goclient_4.1.2.1-2+deb10u1.dsc
a47d06f610acc8505c474ba3876f9e3b83c1edceb5124a68d66194083907c545 23976 x2goclient_4.1.2.1-2+deb10u1.debian.tar.xz
2667c61d7faec2abb82250a3bf38e22a7e31b13df228bbe32cace1228e245504 13293 x2goclient_4.1.2.1-2+deb10u1_source.buildinfo
Files:
d26da1a02c6bfb6fdddd8604c71b3c74 2524 x11 optional x2goclient_4.1.2.1-2+deb10u1.dsc
5bfd9edaefc75fe247e76d9a17b90b7c 23976 x11 optional x2goclient_4.1.2.1-2+deb10u1.debian.tar.xz
8ab6412cffbcd49c133e7465435c9bba 13293 x11 optional x2goclient_4.1.2.1-2+deb10u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl3/LqcVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxJBYQAKSvOxU8qN7PkOwetsQOubM/e72G
n0ehx5g+49g1tzCyoAaWRKKQGK3GMultnm7OgMQK07I0TUc523pdoo7AHhpDXloR
POhTH2E9JLBjEGkYq6ohrr056Snf7IwvWGyU2vMuvshrpZ2k3ySDbMm4JFk85hhF
OtEsnymcttted+OFIPk01SnaRlQJYODvI94Fkxa9OygnjEOOzzql4vz2icJGT5vl
Rgw4WvEL0QBLZ7fPOmCSsxtnEYiY22o6euRAfQxMZLzoq+V0ZOiwuE0IL0+oMZHa
wJGdzWhkRlX4RYc33QAnIyqhdPs+IGLIhmvT2lEH8+kAku5eAbuHdNTvATIZAP4X
6y+iQQigVadBDK8bwXNyE2cStFwXkQNpXTEKbFmxOhMJpetVLorXtH02qEWkRHju
rzS9PJozXzrEc5kM/0upm/JOQKcR3sho7ISXWpPZK/t7Aru0gI/dyNlhdXOQRXt3
t/TaQPwgvoZLNO4pnBJmR3suNGS+BZQEICAz7k1kL33qNHzIEZ4le44ZDTbajFzO
YABdyR8kc4daYezoWfleAgS+5CKBEiV1e/5dUr8lNjFfuVZypQSPMVg/smKHJsMu
53EfUSrSRYYrnDc/puTNkpiTvLYU4XFBmCuTHJ2x/EgwQYr/4c7aqIlXBitKf5A4
3uVJ3p05s8Nl9wtU
=DQTN
-----END PGP SIGNATURE-----