-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Dear all,
This is to announce a new release of X2Go Client for Windows.
This is the 2nd release of X2Go Client 4.0.3.2 for Windows. The 1st release was 4.0.3.2-20150219. The changes are relative to that release.
The changes in this release are: o Windows: Bundle new version of VcXsrv: 1.15.2.3-xp+vc2013+x2go1. The difference from 1.15.2.2-xp+vc2013+x2go1 is that CVE-2015-0255 has been fixed. o Windows: Update bundled nxproxy (nx-libs-lite) from 3.5.0.27 to 3.5.0.28. o Windows: Update bundled Cygwin libjpeg-turbo from 1.3.1-1 to 1.3.1-3. The difference is that CVE-2014-9092 has been fixed. o Windows: Update bundled Cygwin libpng from 1.5.18-1 to 1.5.21-2. In addition to other changes, CVE-2013-6954 has been fixed. o Windows: Copy the exact version of each cygwin DLL from the cygwin binary tarballs rather than copying the "rebased" version from an X2Go developer's cygwin installation. What effect this will have on users is TBD. However, it does mean that we are distributing the exact DLLs that the Cygwin project provides, which is desirable for security.
As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.
For the Windows-specific release notes for this release, see this page: http://wiki.x2go.org/doku.php/doc:release-notes-mswin:x2goclient-4.0.3.2
Regards, Mike DePaulo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iF4EAREIAAYFAlTtwDcACgkQIFy22CVQsiv4dgEAhFrLgYznW77+6Zb40gZX9NdI HTF2juTaDO5s3jZDXHABAKICuz0qBJwHhUPN5BOJRyPNW0hxW7eaVSqh8B/zak8l =DK/6 -----END PGP SIGNATURE-----