Hallo,
hat sich bezüglich
http://www.mail-archive.com/x2go-dev@lists.berlios.de/msg01293.html http://www.mail-archive.com/x2go-dev@lists.berlios.de/msg01298.html
was getan? - Es gibt bisher keine Security Patches oder Releases?! Nichtmal Vorschläge um das Problem einzugrenzen wurden gemacht...
wie z.B. folgender Code für /usr/bin/x2gopgwrapper direkt hinter den Shebang:
for var in "$@" do if [[ ! $var =~ ^[A-Za-z0-9/_.-]+$ ]] then echo "blocked" exit 1 fi done
Hi,
please note that this list is in English... I will translate your
question for the English speaking majority on this list. Please, be so
kind an refrain from posting in German.
On Sa 23 Apr 2011 12:27:47 CEST Provo Kant wrote:
Hallo,
hat sich bezüglich
translated (by Mike): has any solution come refering to...
http://www.mail-archive.com/x2go-dev@lists.berlios.de/msg01293.html http://www.mail-archive.com/x2go-dev@lists.berlios.de/msg01298.html
was getan? -
Es gibt bisher keine Security Patches oder Releases?!
translated (by Mike): There have been no security patches nor release
concerning the issues, yet.
Nichtmal Vorschläge um das Problem einzugrenzen wurden gemacht...
translated (by Mike): Not even suggestions how to address / narrow
down the isse.
........
The answer to your guestion is that there has been a complete rewrite
of the x2goserver packages (all versions above 3.0.99):
http://www.x2go.org/deb/pool-heuler/x2goserver/
The current code based can be reviewed here: http://code.x2go.org/gitweb?p=x2goserver.git;a=summary
The new release had also been announced by Alex on the x2go-dev ML: https://lists.berlios.de/pipermail/x2go-dev/2011-January/001582.html
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
-
Mike Gabriel -
Provo Kant