[X2Go-Commits] [x2goclient] 01/01: Windows: Update PuTTY from 0.68 to 0.70

git-admin at x2go.org git-admin at x2go.org
Mon Feb 19 05:05:42 CET 2018 

This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository x2goclient.

commit b0a7b5c89f920b9416de426afcda7f42d5039493
Author: Mike DePaulo <mikedep333 at gmail.com>
Date:   Sun Feb 18 23:08:27 2018 -0500

    Windows: Update PuTTY from 0.68 to 0.70
---
 copy-deps-win32.bat | 2 +-
 debian/changelog    | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/copy-deps-win32.bat b/copy-deps-win32.bat
index 1fe50b5..6c3d32c 100755
--- a/copy-deps-win32.bat
+++ b/copy-deps-win32.bat
@@ -11,7 +11,7 @@ xcopy /E /Y    %1\MinGW-DLLs\i686-4.8.2-release-posix-dwarf-rt_v3-rev3\libstdc++
 xcopy /E /Y    %1\MinGW-DLLs\i686-4.8.2-release-posix-dwarf-rt_v3-rev3\libwinpthread-1.dll %3\ || exit /b  %errorlevel%
 xcopy /E /Y    %1\MSVC-DLLs\2013-12.0.21005.1-x86\msvcr120.dll %3\ || exit /b  %errorlevel%
 xcopy /E /Y    %1\pulse\7.1-2.2_bin %3\ || exit /b  %errorlevel%
-xcopy /E /Y    %1\PuTTY\0.68_bin %3\ || exit /b  %errorlevel%
+xcopy /E /Y    %1\PuTTY\0.70_bin %3\ || exit /b  %errorlevel%
 xcopy /E /Y /I %1\VcXsrv\1.17.0.0-3_bin %3\VcXsrv || exit /b  %errorlevel%
 xcopy /E /Y    %1\zlib\1.2.8_bin\zlib1.dll %3\ || exit /b  %errorlevel%
 xcopy /E /Y    %1\zlib\x86-mingw4-1.2.7-1_bin\bin\libz.dll %3\ || exit /b  %errorlevel%
diff --git a/debian/changelog b/debian/changelog
index 4c4a4b7..a0d78f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,11 @@ x2goclient (4.1.1.2-0x2go1) UNRELEASED; urgency=medium
     - src/sshmasterconnection.cpp: Do not attempt to perform Interaction with
       SSH Server (e.g. for changing expired password) when using
       GSSAPI/Kerberos because the interaction code does not support it yet.
+    - Windows: Update PuTTY from 0.68 to 0.70, which fixes PuTTY vulns
+      vuln-indirect-dll-hijack-2 & vuln-indirect-dll-hijack-3.
+      Note that x2goclient was only ever affected if the permissions on the
+      installation folder were changed to give users write access, or if
+      x2goclient was copied/extracted to a folder where users could write.
 
  -- X2Go Release Manager <git-admin at x2go.org>  Thu, 15 Feb 2018 22:01:32 +0100
 

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git

More information about the x2go-commits mailing list