[X2Go-Commits] [x2goclient] 03/04: Windows: Update PuTTY from 0.68 to 0.70
git-admin at x2go.org
git-admin at x2go.org
Thu Mar 1 02:56:44 CET 2018
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch release/4.1.1.1-mswin
in repository x2goclient.
commit 03705156000c7311804e80a42bf430c6eb171716
Author: Mike DePaulo <mikedep333 at gmail.com>
Date: Sun Feb 18 23:08:27 2018 -0500
Windows: Update PuTTY from 0.68 to 0.70
---
copy-deps-win32.bat | 2 +-
debian/changelog | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/copy-deps-win32.bat b/copy-deps-win32.bat
index 1fe50b5..6c3d32c 100755
--- a/copy-deps-win32.bat
+++ b/copy-deps-win32.bat
@@ -11,7 +11,7 @@ xcopy /E /Y %1\MinGW-DLLs\i686-4.8.2-release-posix-dwarf-rt_v3-rev3\libstdc++
xcopy /E /Y %1\MinGW-DLLs\i686-4.8.2-release-posix-dwarf-rt_v3-rev3\libwinpthread-1.dll %3\ || exit /b %errorlevel%
xcopy /E /Y %1\MSVC-DLLs\2013-12.0.21005.1-x86\msvcr120.dll %3\ || exit /b %errorlevel%
xcopy /E /Y %1\pulse\7.1-2.2_bin %3\ || exit /b %errorlevel%
-xcopy /E /Y %1\PuTTY\0.68_bin %3\ || exit /b %errorlevel%
+xcopy /E /Y %1\PuTTY\0.70_bin %3\ || exit /b %errorlevel%
xcopy /E /Y /I %1\VcXsrv\1.17.0.0-3_bin %3\VcXsrv || exit /b %errorlevel%
xcopy /E /Y %1\zlib\1.2.8_bin\zlib1.dll %3\ || exit /b %errorlevel%
xcopy /E /Y %1\zlib\x86-mingw4-1.2.7-1_bin\bin\libz.dll %3\ || exit /b %errorlevel%
diff --git a/debian/changelog b/debian/changelog
index 4463ac7..0cd1c48 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,11 @@ x2goclient (4.1.1.1-2018.03.01) unstable; urgency=medium
- src/sshmasterconnection.cpp: Do not attempt to perform Interaction with
SSH Server (e.g. for changing expired password) when using
GSSAPI/Kerberos because the interaction code does not support it yet.
+ - Windows: Update PuTTY from 0.68 to 0.70, which fixes PuTTY vulns
+ vuln-indirect-dll-hijack-2 & vuln-indirect-dll-hijack-3.
+ Note that x2goclient was only ever affected if the permissions on the
+ installation folder were changed to give users write access, or if
+ x2goclient was copied/extracted to a folder where users could write.
-- Mike DePaulo <mikedep333 at gmail.com> Wed, 28 Feb 2018 20:53:41 -0500
--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
More information about the x2go-commits
mailing list