[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Regression in X2Go Client caused by CVE-2019-14889/libssh fix

Hi again,

On  Sa 21 Dez 2019 18:36:09 CET, Mike Gabriel wrote:

Hi again,

On  Sa 21 Dez 2019 17:27:15 CET, Mike Gabriel wrote:

Hi all,

the recent libssh fix for CVE-2019-14889 causes a regresion in X2Go Client:

Connection failed. Couldn't create remote file ~<user>/.x2go/ssh/key.X18947 - SCP: Warning: status code 1 received: scp: ~<user>/.x2go/ssh: No such file or directory"

The solution to this is a fix to be applied against X2Go Client (in jessie/stretch/buster/unstable):


See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947129
and https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1856795

Btw... if anyone with MOTU (Ubuntu maintainer) status is reading this, please follow-up and provide regression fixes (i.e. a patched X2Go Client, see LP:#1856795) to Ubuntu.


I just dput x2goclient to jessie-security shipping a fix for regression with CVE-2019-14889/libssh

Does that need a DLA?

If yes, shall it be a regression DLA for DLA-2038-1/libssh? Or a new DLA number?

Appreciating feedback,


mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4351) 486 14 27

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

Attachment: pgpTWvZDp41hZ.pgp
Description: Digitale PGP-Signatur

Reply to: