Package: x2goclient Version: 4.0.3.1-3 Severity: important
When X2Go Client is used with an X2Go Session Broker, normally the broker session only ends once X2Go Client gets closed. The --broker-autologoff cmdline options enforce broker logout after an X2Go session has been suspended or terminated. This is very useful when X2Go Client is used on thin client machines.
However, the current version in Debian, does not really logout the broker user from the broker session. X2Go Client's GUI goes back to the broker login screen, but the broker session can be continued in the name of the previously logged in user if an empty password is used on the broker login screen.
This issue has been discovered only a couple of days ago and been documented as upstream bug #782 [1].
Mike [1] http://bugs.x2go.org/782 -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpwty169L8XB.pgp
Description: Digitale PGP-Signatur
