Your message dated Sun, 29 Dec 2019 14:44:56 +0000 with message-id <E1ilZoO-0005AW-7N@fasolo.debian.org> and subject line Bug#947129: fixed in x2goclient 4.0.5.2-2+deb9u1 has caused the Debian Bug report #947129, regarding x2goclient: regression caused by CVE-2019-14889/libssh fix to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 947129: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947129 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: x2goclient: regression caused by CVE-2019-14889/libssh fix
- From: Mike Gabriel <sunweaver@debian.org>
- Date: Sat, 21 Dec 2019 16:53:01 +0000
- Message-id: <[🔎] 20191221165301.Horde.emHcjYRaf-gxfGlYyAXf9jC@mail.das-netzwerkteam.de>
Package: x2goclient Version: 4.1.2.1-3 Severity: serious Control: found -1 4.0.3.1-4 Control: found -1 4.0.5.2-2 the recent libssh fix for CVE-2019-14889 causes a regresion in X2Go Client: ```Connection failed. Couldn't create remote file ~<user>/.x2go/ssh/key.X18947 - SCP: Warning: status code 1 received: scp: ~<user>/.x2go/ssh: No such file or directory"```The solution to this is a fix to be applied against X2Go Client (in jessie/stretch/buster/unstable):https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d1 light+love Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunweaver@debian.org, http://sunweavers.netAttachment: pgpSu4zrymwcC.pgp
Description: Digitale PGP-Signatur
--- End Message ---
--- Begin Message ---
- To: 947129-close@bugs.debian.org
- Subject: Bug#947129: fixed in x2goclient 4.0.5.2-2+deb9u1
- From: Mike Gabriel <sunweaver@debian.org>
- Date: Sun, 29 Dec 2019 14:44:56 +0000
- Message-id: <E1ilZoO-0005AW-7N@fasolo.debian.org>
Source: x2goclient Source-Version: 4.0.5.2-2+deb9u1 We believe that the bug you reported is fixed in the latest version of x2goclient, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 947129@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mike Gabriel <sunweaver@debian.org> (supplier of updated x2goclient package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 22 Dec 2019 14:53:58 +0100 Source: x2goclient Architecture: source Version: 4.0.5.2-2+deb9u1 Distribution: stretch Urgency: medium Maintainer: Debian Remote Maintainers <pkg-remote-team@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunweaver@debian.org> Closes: 947129 Changes: x2goclient (4.0.5.2-2+deb9u1) stretch; urgency=medium . * debian/patches: + Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp: strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY- based Windows solution for Kerberos support), but newer libssh versions with the CVE-2019-14889 also interpret paths as literal strings. (Closes: #947129). Checksums-Sha1: 0244ba470443ff25216cf62258156e3803d78692 2427 x2goclient_4.0.5.2-2+deb9u1.dsc 337c99644163694d99a85f18599ae35a674cebbb 19392 x2goclient_4.0.5.2-2+deb9u1.debian.tar.xz de6ec636d19cae96d7b01e822b0f3e527eb75745 9895 x2goclient_4.0.5.2-2+deb9u1_source.buildinfo Checksums-Sha256: 52469be2c1d12427aa222235c4c3f1109ca43a51bf56890774993f7bb8831be5 2427 x2goclient_4.0.5.2-2+deb9u1.dsc 3b0b6f7d4235b7debbdd23a8d2ba40a33831f0a98b4773f48ffdda6413eaa0d2 19392 x2goclient_4.0.5.2-2+deb9u1.debian.tar.xz fea1d7b4a076dc2a7aeeb08eb48ae555682ed25dcf6b28dfd8ca6855cdbbdbc0 9895 x2goclient_4.0.5.2-2+deb9u1_source.buildinfo Files: bf3e9fbeafc260e3c54370a6c791dda0 2427 x11 extra x2goclient_4.0.5.2-2+deb9u1.dsc 82e79762c750b1936d5450c74f6d21e5 19392 x11 extra x2goclient_4.0.5.2-2+deb9u1.debian.tar.xz 4ce8b8a1a3c761bc30c726dea03fe9e8 9895 x11 extra x2goclient_4.0.5.2-2+deb9u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl3/dtsVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxBHYQAIkQh703jOSC4FNbNoEfR53Zrm5+ QRuRnuZZwFEBTUtwwaBAcOhrUyjpb6RygLBI8bPijeKV6sDdcz6eu8boAFETvkHY iKFv3tyeagjOUMxrklm4CtD1Ml/wIA9+vcBKcEMPsaSgPUZgODSikAumW+2UAd95 ikoPifv6/DWXnD5KcNITFzl+d64HIWMwlxAOXLOVWuWDlHvnpiB8Cd721X8QyyiR YGXXkRrPCXPcEoxwrToPRpo9ec8xFAw1fNCHHsvEyC5Ce91qMbVlSAvw/6N6qU1d JUbVwGtCySC7Qr5K07efJQxubJ9XpZspFfN+8tWX7YmSy2Wh8a7w7HcOZHuUzxDZ YMNXmmGz9nmFgbsnfeV5U9gV7CyvrLfBQqWR/a4IGkUvbPF3H9lpyA4TuWnKLeSs Y5ODIspTMazS8ECQer8zWCtxx0Rfr+lMwpP9zEXrgpoRCcpuIjbTwNcbdae4Sx/u N+zjhaGZbof7ogS2y6jBQGW6c/rxZWYlih2nRbIET+0DMR/ZXAzLXBorbdxYqPj8 OVhdX0z3EVzmeA5qEoU2tcD3zHwM01nY7ltUJ4cZ+QwFvzfOVnXcE/+x402boGzW io3ziyI0kPj0LeT9oP+jDOfYPBRUL9MAzNkGweMfLPOJbgwLsYKhkFRppo1G0ctt U+VclJXs/V0TGcVo =tap0 -----END PGP SIGNATURE-----
--- End Message ---