This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2goclient. commit 5f6565fbe37219909a55edf385bcff6ea2baffc2 Author: Mike DePaulo <mikedep333@gmail.com> Date: Sun May 10 18:25:18 2015 -0400 Upgrade bundled VcXsrv from 1.15.2.6 to 1.17.0.0-1 --- copy-deps-win32.bat | 2 +- debian/changelog | 18 ++++++++++-------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/copy-deps-win32.bat b/copy-deps-win32.bat index 1b97875..5958b66 100755 --- a/copy-deps-win32.bat +++ b/copy-deps-win32.bat @@ -8,7 +8,7 @@ xcopy /E /Y D:\x2goclient-contrib\MinGW-DLLs\i686-4.8.2-release-posix-dwarf-r xcopy /E /Y D:\x2goclient-contrib\MSVC-DLLs\2008-9.0.21022.8-x86 %1\ xcopy /E /Y D:\x2goclient-contrib\pulse\6.0-11.1_bin %1\ xcopy /E /Y D:\x2goclient-contrib\PuTTY\0.64_bin %1\ -xcopy /E /Y /I D:\x2goclient-contrib\VcXsrv\1.15.2.6_bin %1\VcXsrv +xcopy /E /Y /I D:\x2goclient-contrib\VcXsrv\1.17.0.0-1_bin %1\VcXsrv xcopy /E /Y D:\x2goclient-contrib\zlib\1.2.8_bin\zlib1.dll %1\ xcopy /E /Y D:\x2goclient-contrib\zlib\x86-mingw4-1.2.7-1_bin\bin\libz.dll %1\ REM until Win32OpenSSL 1.0.1k comes out diff --git a/debian/changelog b/debian/changelog index 04d0a6e..bd47e24 100644 --- a/debian/changelog +++ b/debian/changelog @@ -22,19 +22,21 @@ x2goclient (4.0.4.0-0x2go1) UNRELEASED; urgency=low - Windows: Upgrade bundled PulseAudio from 5.0-rev18 to 6.0-11.1 (No known impacts to X2Go, except for the fact that many needed patches are now included in upstream PulseAudio.) - - Windows: Update bundled VcXsrv from 1.15.2.2-xp+vc2013+x2go1 to - 1.15.2.6 (X2Go/Arctica Build) - Note that X2Go Client for Windows 4.0.3.2-20150508 has this update - also. + - Windows: Upgrade bundled VcXsrv from 1.15.2.2-xp+vc2013+x2go1 to + 1.17.0.0-1 (X2Go/Arctica Build) + Note that X2Go Client for Windows 4.0.3.2-20150508 has an + update to 1.15.2.6 (X2Go/Arctica), which fixes all the CVEs. The differences relevant to X2Go are: + + Numerous X.org components were upgraded to new major/minor + versions. + CVE-2015-0255 was fixed in VcXsrv itself + CVE-2015-3418 was fixed in VcXsrv itself + Font files no longer differ in each build due to timestamp differences - + VcXsrv's bundled version of openssl was updated from 1.0.1k - to 1.0.1m (fixes the multiple CVEs announced on 2015-03-19) - + VcXsrv's bundled version of libXfont was updated from 1.4.8 - to 1.4.9 (Fixes CVE-2015-1802 through CVE-2015-1804) + + VcXsrv's bundled version of openssl was upgraded from 1.0.1k + to 1.0.2a (fixes the multiple CVEs announced on 2015-03-19) + + VcXsrv's bundled version of libXfont was upgraded from 1.4.8 + to 1.5.1 (Fixes CVE-2015-1802 through CVE-2015-1804) + VcXsrv's bundled version of freetype was updated from 2.5.3 to 2.5.5 (fixes CVE-2014-9656 through CVE-2014-9675) - Windows: Update bundled Win32 OpenSSL from 1.0.1L to 1.0.1m, -- Alioth's /srv/git/code.x2go.org/x2goclient.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goclient.git