This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch release/4.1.1.1-mswin in repository x2goclient. commit 03705156000c7311804e80a42bf430c6eb171716 Author: Mike DePaulo <mikedep333@gmail.com> Date: Sun Feb 18 23:08:27 2018 -0500 Windows: Update PuTTY from 0.68 to 0.70 --- copy-deps-win32.bat | 2 +- debian/changelog | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/copy-deps-win32.bat b/copy-deps-win32.bat index 1fe50b5..6c3d32c 100755 --- a/copy-deps-win32.bat +++ b/copy-deps-win32.bat @@ -11,7 +11,7 @@ xcopy /E /Y %1\MinGW-DLLs\i686-4.8.2-release-posix-dwarf-rt_v3-rev3\libstdc++ xcopy /E /Y %1\MinGW-DLLs\i686-4.8.2-release-posix-dwarf-rt_v3-rev3\libwinpthread-1.dll %3\ || exit /b %errorlevel% xcopy /E /Y %1\MSVC-DLLs\2013-12.0.21005.1-x86\msvcr120.dll %3\ || exit /b %errorlevel% xcopy /E /Y %1\pulse\7.1-2.2_bin %3\ || exit /b %errorlevel% -xcopy /E /Y %1\PuTTY\0.68_bin %3\ || exit /b %errorlevel% +xcopy /E /Y %1\PuTTY\0.70_bin %3\ || exit /b %errorlevel% xcopy /E /Y /I %1\VcXsrv\1.17.0.0-3_bin %3\VcXsrv || exit /b %errorlevel% xcopy /E /Y %1\zlib\1.2.8_bin\zlib1.dll %3\ || exit /b %errorlevel% xcopy /E /Y %1\zlib\x86-mingw4-1.2.7-1_bin\bin\libz.dll %3\ || exit /b %errorlevel% diff --git a/debian/changelog b/debian/changelog index 4463ac7..0cd1c48 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,11 @@ x2goclient (4.1.1.1-2018.03.01) unstable; urgency=medium - src/sshmasterconnection.cpp: Do not attempt to perform Interaction with SSH Server (e.g. for changing expired password) when using GSSAPI/Kerberos because the interaction code does not support it yet. + - Windows: Update PuTTY from 0.68 to 0.70, which fixes PuTTY vulns + vuln-indirect-dll-hijack-2 & vuln-indirect-dll-hijack-3. + Note that x2goclient was only ever affected if the permissions on the + installation folder were changed to give users write access, or if + x2goclient was copied/extracted to a folder where users could write. -- Mike DePaulo <mikedep333@gmail.com> Wed, 28 Feb 2018 20:53:41 -0500 -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git