Your message dated Sun, 29 Dec 2019 11:47:19 +0000 with message-id <E1ilX2V-000FTX-Mp@fasolo.debian.org> and subject line Bug#947129: fixed in x2goclient 4.1.2.1-2+deb10u1 has caused the Debian Bug report #947129, regarding x2goclient: regression caused by CVE-2019-14889/libssh fix to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 947129: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947129 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: x2goclient: regression caused by CVE-2019-14889/libssh fix
- From: Mike Gabriel <sunweaver@debian.org>
- Date: Sat, 21 Dec 2019 16:53:01 +0000
- Message-id: <[🔎] 20191221165301.Horde.emHcjYRaf-gxfGlYyAXf9jC@mail.das-netzwerkteam.de>
Package: x2goclient Version: 4.1.2.1-3 Severity: serious Control: found -1 4.0.3.1-4 Control: found -1 4.0.5.2-2 the recent libssh fix for CVE-2019-14889 causes a regresion in X2Go Client: ```Connection failed. Couldn't create remote file ~<user>/.x2go/ssh/key.X18947 - SCP: Warning: status code 1 received: scp: ~<user>/.x2go/ssh: No such file or directory"```The solution to this is a fix to be applied against X2Go Client (in jessie/stretch/buster/unstable):https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d1 light+love Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunweaver@debian.org, http://sunweavers.netAttachment: pgpvZmdY8it1g.pgp
Description: Digitale PGP-Signatur
--- End Message ---
--- Begin Message ---
- To: 947129-close@bugs.debian.org
- Subject: Bug#947129: fixed in x2goclient 4.1.2.1-2+deb10u1
- From: Mike Gabriel <sunweaver@debian.org>
- Date: Sun, 29 Dec 2019 11:47:19 +0000
- Message-id: <E1ilX2V-000FTX-Mp@fasolo.debian.org>
Source: x2goclient Source-Version: 4.1.2.1-2+deb10u1 We believe that the bug you reported is fixed in the latest version of x2goclient, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 947129@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mike Gabriel <sunweaver@debian.org> (supplier of updated x2goclient package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 21 Dec 2019 18:22:22 +0100 Source: x2goclient Architecture: source Version: 4.1.2.1-2+deb10u1 Distribution: buster Urgency: medium Maintainer: Debian Remote Maintainers <pkg-remote-team@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunweaver@debian.org> Closes: 947129 Changes: x2goclient (4.1.2.1-2+deb10u1) buster; urgency=medium . * debian/patches: + Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp: strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY- based Windows solution for Kerberos support), but newer libssh versions with the CVE-2019-14889 also interpret paths as literal strings. (Closes: #947129). Checksums-Sha1: df8f3fc84a7b0bd388803200c4057e15f0a3ac32 2524 x2goclient_4.1.2.1-2+deb10u1.dsc b880847bce015331fcb2b62bbeda29194068b510 23976 x2goclient_4.1.2.1-2+deb10u1.debian.tar.xz b3987af3dad42f6ff3f6b04bc0424d745dd736f1 13293 x2goclient_4.1.2.1-2+deb10u1_source.buildinfo Checksums-Sha256: 655c0a02eb93c4ac1547969d3eb8d0e57c0a2802748a5b1aec45d152f45dede7 2524 x2goclient_4.1.2.1-2+deb10u1.dsc a47d06f610acc8505c474ba3876f9e3b83c1edceb5124a68d66194083907c545 23976 x2goclient_4.1.2.1-2+deb10u1.debian.tar.xz 2667c61d7faec2abb82250a3bf38e22a7e31b13df228bbe32cace1228e245504 13293 x2goclient_4.1.2.1-2+deb10u1_source.buildinfo Files: d26da1a02c6bfb6fdddd8604c71b3c74 2524 x11 optional x2goclient_4.1.2.1-2+deb10u1.dsc 5bfd9edaefc75fe247e76d9a17b90b7c 23976 x11 optional x2goclient_4.1.2.1-2+deb10u1.debian.tar.xz 8ab6412cffbcd49c133e7465435c9bba 13293 x11 optional x2goclient_4.1.2.1-2+deb10u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl3/LqcVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxJBYQAKSvOxU8qN7PkOwetsQOubM/e72G n0ehx5g+49g1tzCyoAaWRKKQGK3GMultnm7OgMQK07I0TUc523pdoo7AHhpDXloR POhTH2E9JLBjEGkYq6ohrr056Snf7IwvWGyU2vMuvshrpZ2k3ySDbMm4JFk85hhF OtEsnymcttted+OFIPk01SnaRlQJYODvI94Fkxa9OygnjEOOzzql4vz2icJGT5vl Rgw4WvEL0QBLZ7fPOmCSsxtnEYiY22o6euRAfQxMZLzoq+V0ZOiwuE0IL0+oMZHa wJGdzWhkRlX4RYc33QAnIyqhdPs+IGLIhmvT2lEH8+kAku5eAbuHdNTvATIZAP4X 6y+iQQigVadBDK8bwXNyE2cStFwXkQNpXTEKbFmxOhMJpetVLorXtH02qEWkRHju rzS9PJozXzrEc5kM/0upm/JOQKcR3sho7ISXWpPZK/t7Aru0gI/dyNlhdXOQRXt3 t/TaQPwgvoZLNO4pnBJmR3suNGS+BZQEICAz7k1kL33qNHzIEZ4le44ZDTbajFzO YABdyR8kc4daYezoWfleAgS+5CKBEiV1e/5dUr8lNjFfuVZypQSPMVg/smKHJsMu 53EfUSrSRYYrnDc/puTNkpiTvLYU4XFBmCuTHJ2x/EgwQYr/4c7aqIlXBitKf5A4 3uVJ3p05s8Nl9wtU =DQTN -----END PGP SIGNATURE-----
--- End Message ---