[X2Go-Commits] [x2goclient] 03/04: Windows: Update PuTTY from 0.68 to 0.70

git-admin at x2go.org git-admin at x2go.org
Thu Mar 1 02:56:44 CET 2018 

This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch release/4.1.1.1-mswin
in repository x2goclient.

commit 03705156000c7311804e80a42bf430c6eb171716
Author: Mike DePaulo <mikedep333 at gmail.com>
Date:   Sun Feb 18 23:08:27 2018 -0500

    Windows: Update PuTTY from 0.68 to 0.70
---
 copy-deps-win32.bat | 2 +-
 debian/changelog    | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/copy-deps-win32.bat b/copy-deps-win32.bat
index 1fe50b5..6c3d32c 100755
--- a/copy-deps-win32.bat
+++ b/copy-deps-win32.bat
@@ -11,7 +11,7 @@ xcopy /E /Y    %1\MinGW-DLLs\i686-4.8.2-release-posix-dwarf-rt_v3-rev3\libstdc++
 xcopy /E /Y    %1\MinGW-DLLs\i686-4.8.2-release-posix-dwarf-rt_v3-rev3\libwinpthread-1.dll %3\ || exit /b  %errorlevel%
 xcopy /E /Y    %1\MSVC-DLLs\2013-12.0.21005.1-x86\msvcr120.dll %3\ || exit /b  %errorlevel%
 xcopy /E /Y    %1\pulse\7.1-2.2_bin %3\ || exit /b  %errorlevel%
-xcopy /E /Y    %1\PuTTY\0.68_bin %3\ || exit /b  %errorlevel%
+xcopy /E /Y    %1\PuTTY\0.70_bin %3\ || exit /b  %errorlevel%
 xcopy /E /Y /I %1\VcXsrv\1.17.0.0-3_bin %3\VcXsrv || exit /b  %errorlevel%
 xcopy /E /Y    %1\zlib\1.2.8_bin\zlib1.dll %3\ || exit /b  %errorlevel%
 xcopy /E /Y    %1\zlib\x86-mingw4-1.2.7-1_bin\bin\libz.dll %3\ || exit /b  %errorlevel%
diff --git a/debian/changelog b/debian/changelog
index 4463ac7..0cd1c48 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,11 @@ x2goclient (4.1.1.1-2018.03.01) unstable; urgency=medium
     - src/sshmasterconnection.cpp: Do not attempt to perform Interaction with
       SSH Server (e.g. for changing expired password) when using
       GSSAPI/Kerberos because the interaction code does not support it yet.
+    - Windows: Update PuTTY from 0.68 to 0.70, which fixes PuTTY vulns
+      vuln-indirect-dll-hijack-2 & vuln-indirect-dll-hijack-3.
+      Note that x2goclient was only ever affected if the permissions on the
+      installation folder were changed to give users write access, or if
+      x2goclient was copied/extracted to a folder where users could write.
 
  -- Mike DePaulo <mikedep333 at gmail.com>  Wed, 28 Feb 2018 20:53:41 -0500
 

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git

More information about the x2go-commits mailing list