This bug was fixed in the package x2goclient - 4.1.1.1-2ubuntu0.18.04.1
---------------
x2goclient (4.1.1.1-2ubuntu0.18.04.1) bionic; urgency=medium
* debian/patches:
+ Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
based Windows solution for Kerberos support), but newer libssh versions
with the CVE-2019-14889 also interpret paths as literal strings.
(LP: #1856795).
-- Mike Gabriel <sunwea...@debian.org> Wed, 25 Dec 2019 21:11:41 +0100
** Changed in: x2goclient (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** Changed in: x2goclient (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1856795
Title:
[SRU] X2Go Client broken by libssh CVE-2019-14889 fix
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/x2goclient/+bug/1856795/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
