← Back to team overview

group.of.nepali.translators team mailing list archive

  1. group.of.nepali.translators team
  2. Mailing list archive
  3. Message #33846

[Bug 1856795] Re: X2Go Client broken by 0.8.0~20170825.94fa1e38-1ubuntu0.5

  Thread PreviousDate PreviousThread Next 
Affect versions of libssh:

focal 0.9.0-1ubuntu5
eoan 0.9.0-1ubuntu1.3
disco 0.8.6-3ubuntu0.3
bionic 0.8.0~20170825.94fa1e38-1ubuntu0.5
xenial 0.6.3-4.3ubuntu0.5


** Changed in: x2goclient (Ubuntu Xenial)
       Status: New => Confirmed

** Changed in: x2goclient (Ubuntu Bionic)
       Status: New => Confirmed

** Changed in: x2goclient (Ubuntu Disco)
       Status: New => Confirmed

** Changed in: x2goclient (Ubuntu Eoan)
       Status: New => Confirmed

** Changed in: libssh (Ubuntu Xenial)
       Status: New => Invalid

** Changed in: libssh (Ubuntu Bionic)
       Status: New => Invalid

** Changed in: libssh (Ubuntu Disco)
       Status: New => Invalid

** Changed in: libssh (Ubuntu Eoan)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1856795

Title:
  X2Go Client broken by 0.8.0~20170825.94fa1e38-1ubuntu0.5

Status in libssh package in Ubuntu:
  Invalid
Status in x2goclient package in Ubuntu:
  Fix Released
Status in libssh source package in Xenial:
  Invalid
Status in x2goclient source package in Xenial:
  Confirmed
Status in libssh source package in Bionic:
  Invalid
Status in x2goclient source package in Bionic:
  Confirmed
Status in libssh source package in Disco:
  Invalid
Status in x2goclient source package in Disco:
  Confirmed
Status in libssh source package in Eoan:
  Invalid
Status in x2goclient source package in Eoan:
  Confirmed
Status in x2goclient package in Debian:
  Fix Released

Bug description:
  The recent CVE fix broke SCP support in libssh, which X2Go Client
  (x2goclient) relies on.

  Sessions now fail with error messages such as "SCP: Warning: status
  code 1 received: scp: ~username/.x2go/ssh: No such file or
  directory\n". (Also note the literal "\n" there, but I guess we don't
  really need to care about that.)

  The previous version worked fine and rolling the libssh4 package back
  fixes this issue, but also leaves users vulnerable to the fixed
  security issue in its scp implementation.

  
  I've been looking at the debdiff, but spotting the actual changes is very difficult due to the reformatting that was done at the same time. This degraded the patch(es) into one big blob.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1856795/+subscriptions
  Thread PreviousDate PreviousThread Next