2019-12-18 03:12:11 |
Mihai Moldovan |
bug |
|
|
added bug |
2019-12-19 09:02:21 |
Launchpad Janitor |
libssh (Ubuntu): status |
New |
Confirmed |
|
2019-12-19 10:18:28 |
Thomas Templin |
bug |
|
|
added subscriber Thomas Templin |
2019-12-21 17:10:14 |
Mike Gabriel |
cve linked |
|
2019-14889 |
|
2019-12-21 17:12:59 |
Mike Gabriel |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947129 |
|
2019-12-21 18:44:36 |
Graham Inggs |
bug task added |
|
x2goclient (Ubuntu) |
|
2019-12-21 18:45:02 |
Graham Inggs |
bug task added |
|
x2goclient (Debian) |
|
2019-12-21 19:00:11 |
Daniel Lange |
x2goclient (Ubuntu): status |
New |
Confirmed |
|
2019-12-21 20:10:32 |
Graham Inggs |
libssh (Ubuntu): status |
Confirmed |
Invalid |
|
2019-12-21 20:11:45 |
Graham Inggs |
nominated for series |
|
Ubuntu Eoan |
|
2019-12-21 20:11:45 |
Graham Inggs |
bug task added |
|
libssh (Ubuntu Eoan) |
|
2019-12-21 20:11:45 |
Graham Inggs |
bug task added |
|
x2goclient (Ubuntu Eoan) |
|
2019-12-21 20:11:45 |
Graham Inggs |
nominated for series |
|
Ubuntu Xenial |
|
2019-12-21 20:11:45 |
Graham Inggs |
bug task added |
|
libssh (Ubuntu Xenial) |
|
2019-12-21 20:11:45 |
Graham Inggs |
bug task added |
|
x2goclient (Ubuntu Xenial) |
|
2019-12-21 20:11:45 |
Graham Inggs |
nominated for series |
|
Ubuntu Disco |
|
2019-12-21 20:11:45 |
Graham Inggs |
bug task added |
|
libssh (Ubuntu Disco) |
|
2019-12-21 20:11:45 |
Graham Inggs |
bug task added |
|
x2goclient (Ubuntu Disco) |
|
2019-12-21 20:11:45 |
Graham Inggs |
nominated for series |
|
Ubuntu Bionic |
|
2019-12-21 20:11:45 |
Graham Inggs |
bug task added |
|
libssh (Ubuntu Bionic) |
|
2019-12-21 20:11:45 |
Graham Inggs |
bug task added |
|
x2goclient (Ubuntu Bionic) |
|
2019-12-21 23:03:11 |
Bug Watch Updater |
x2goclient (Debian): status |
Unknown |
Fix Released |
|
2019-12-22 06:12:52 |
Graham Inggs |
bug |
|
|
added subscriber Graham Inggs |
2019-12-22 06:13:45 |
Graham Inggs |
x2goclient (Ubuntu): status |
Confirmed |
Fix Released |
|
2019-12-22 06:34:01 |
Graham Inggs |
x2goclient (Ubuntu Xenial): status |
New |
Confirmed |
|
2019-12-22 06:34:12 |
Graham Inggs |
x2goclient (Ubuntu Bionic): status |
New |
Confirmed |
|
2019-12-22 06:34:21 |
Graham Inggs |
x2goclient (Ubuntu Disco): status |
New |
Confirmed |
|
2019-12-22 06:34:30 |
Graham Inggs |
x2goclient (Ubuntu Eoan): status |
New |
Confirmed |
|
2019-12-22 06:34:42 |
Graham Inggs |
libssh (Ubuntu Xenial): status |
New |
Invalid |
|
2019-12-22 06:34:50 |
Graham Inggs |
libssh (Ubuntu Bionic): status |
New |
Invalid |
|
2019-12-22 06:34:58 |
Graham Inggs |
libssh (Ubuntu Disco): status |
New |
Invalid |
|
2019-12-22 06:35:06 |
Graham Inggs |
libssh (Ubuntu Eoan): status |
New |
Invalid |
|
2019-12-22 10:03:53 |
Graham Inggs |
summary |
X2Go Client broken by 0.8.0~20170825.94fa1e38-1ubuntu0.5 |
[SRU] X2Go Client broken by libssh CVE-2019-14889 fix |
|
2020-01-02 09:07:56 |
Graham Inggs |
description |
The recent CVE fix broke SCP support in libssh, which X2Go Client (x2goclient) relies on.
Sessions now fail with error messages such as "SCP: Warning: status code 1 received: scp: ~username/.x2go/ssh: No such file or directory\n". (Also note the literal "\n" there, but I guess we don't really need to care about that.)
The previous version worked fine and rolling the libssh4 package back fixes this issue, but also leaves users vulnerable to the fixed security issue in its scp implementation.
I've been looking at the debdiff, but spotting the actual changes is very difficult due to the reformatting that was done at the same time. This degraded the patch(es) into one big blob. |
[Test case]
Connect to a x2go server on a session that has file sharing or audo-forwarding enabled -> Error message "SCP: Warning: status code 1 received: scp: ~<user>/.x2go/ssh: No such file or directory" needs to be clicked away with "ok".
[Regression potential]
Very low as the patch removes "~<user>" from the ssh string which is the same as just using no path spec (":") as the default is the home dir of the logged in remote user.
--------------------------------------------------------------------------
The recent CVE fix broke SCP support in libssh, which X2Go Client (x2goclient) relies on.
Sessions now fail with error messages such as "SCP: Warning: status code 1 received: scp: ~username/.x2go/ssh: No such file or directory\n". (Also note the literal "\n" there, but I guess we don't really need to care about that.)
The previous version worked fine and rolling the libssh4 package back fixes this issue, but also leaves users vulnerable to the fixed security issue in its scp implementation.
I've been looking at the debdiff, but spotting the actual changes is very difficult due to the reformatting that was done at the same time. This degraded the patch(es) into one big blob. |
|
2020-01-02 09:38:44 |
Graham Inggs |
x2goclient (Ubuntu Xenial): status |
Confirmed |
In Progress |
|
2020-01-02 09:41:49 |
Graham Inggs |
x2goclient (Ubuntu Bionic): status |
Confirmed |
In Progress |
|
2020-01-02 09:42:02 |
Graham Inggs |
x2goclient (Ubuntu Eoan): status |
Confirmed |
In Progress |
|
2020-01-06 03:52:57 |
Kevin Normoyle |
bug |
|
|
added subscriber Kevin Normoyle |
2020-01-24 16:43:06 |
Timo Aaltonen |
x2goclient (Ubuntu Disco): status |
Confirmed |
Invalid |
|
2020-01-24 16:44:01 |
Timo Aaltonen |
x2goclient (Ubuntu Eoan): status |
In Progress |
Fix Committed |
|
2020-01-24 16:44:03 |
Timo Aaltonen |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2020-01-24 16:44:05 |
Timo Aaltonen |
bug |
|
|
added subscriber SRU Verification |
2020-01-24 16:44:10 |
Timo Aaltonen |
tags |
|
verification-needed verification-needed-eoan |
|
2020-01-24 16:45:15 |
Timo Aaltonen |
x2goclient (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2020-01-24 16:45:25 |
Timo Aaltonen |
tags |
verification-needed verification-needed-eoan |
verification-needed verification-needed-bionic verification-needed-eoan |
|
2020-01-24 16:47:08 |
Timo Aaltonen |
x2goclient (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2020-01-24 16:47:19 |
Timo Aaltonen |
tags |
verification-needed verification-needed-bionic verification-needed-eoan |
verification-needed verification-needed-bionic verification-needed-eoan verification-needed-xenial |
|
2020-01-25 08:41:31 |
Mathew Hodson |
bug task deleted |
libssh (Ubuntu Eoan) |
|
|
2020-01-25 08:41:38 |
Mathew Hodson |
bug task deleted |
libssh (Ubuntu Disco) |
|
|
2020-01-25 08:41:54 |
Mathew Hodson |
bug task deleted |
libssh (Ubuntu Bionic) |
|
|
2020-01-25 08:42:00 |
Mathew Hodson |
bug task deleted |
libssh (Ubuntu Xenial) |
|
|
2020-01-25 08:42:08 |
Mathew Hodson |
bug task deleted |
libssh (Ubuntu) |
|
|
2020-01-25 08:58:05 |
Mathew Hodson |
x2goclient (Ubuntu Disco): status |
Invalid |
Won't Fix |
|
2020-01-27 18:12:57 |
Sylvain CUAZ |
tags |
verification-needed verification-needed-bionic verification-needed-eoan verification-needed-xenial |
verification-done-bionic verification-needed verification-needed-eoan verification-needed-xenial |
|
2020-01-28 11:33:35 |
Sylvain CUAZ |
tags |
verification-done-bionic verification-needed verification-needed-eoan verification-needed-xenial |
verification-done-bionic verification-done-xenial verification-needed verification-needed-eoan |
|
2020-01-28 16:09:00 |
Alex Potapenko |
tags |
verification-done-bionic verification-done-xenial verification-needed verification-needed-eoan |
verification-done-bionic verification-done-eoan verification-done-xenial verification-needed |
|
2020-01-28 16:20:16 |
Graham Inggs |
tags |
verification-done-bionic verification-done-eoan verification-done-xenial verification-needed |
verification-done verification-done-bionic verification-done-eoan verification-done-xenial |
|
2020-02-03 12:31:35 |
Launchpad Janitor |
x2goclient (Ubuntu Eoan): status |
Fix Committed |
Fix Released |
|
2020-02-03 12:31:40 |
Ćukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2020-02-03 12:31:51 |
Launchpad Janitor |
x2goclient (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2020-02-03 12:32:00 |
Launchpad Janitor |
x2goclient (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|