This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
doc:release-notes-mswin:x2goclient-4.0.3.1 [2014/12/14 16:40] mikedep333 [Windows-Specific Bug Fixes] "None" |
doc:release-notes-mswin:x2goclient-4.0.3.1 [2015/01/19 14:08] mikedep333 Add section: Security Update: 4.0.3.1-20150119 |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Windows-Specific Release notes for X2Go Client 4.0.3.1 ====== | ====== Windows-Specific Release notes for X2Go Client 4.0.3.1 ====== | ||
+ | |||
+ | ===== Security Update: 4.0.3.1-20150119 ===== | ||
+ | |||
+ | On 2015-01-19, 4.0.3.1-20150119 was released with the following changes: | ||
+ | |||
+ | - Windows: Win32 OpenSSL updates from 1.0.1j to 1.0.1L, which fixes the CVEs announced on 2015-01-08. | ||
+ | - Windows: Cygwin OpenSSL updated from 1.0.1j-1 to 1.0.1k-1, which fixes the CVEs announced on 2015-01-08. | ||
+ | - Windows: Bundle new version of VcXsrv: 1.15.2.2-xp+vc2013+x2go1. The differences from 1.15.2.1-xp+vc2013+x2go1 are that its bundled OpenSSL has been updated to 1.0.1k, and that xorg-server CVE-2014-8091..8103 have been fixed. | ||
+ | - Windows: Update libssh from 0.6.3 to 0.6.4 (while maintaining Pageant support). This fixes CVE-2014-8132, | ||
+ | |||
+ | As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities (except for libssh CVE-2014-8132.) However, as a precaution, we are releasing this updated build of X2Go Client for Windows. Unless an analysis is performed for each vulnerability, | ||
===== Major Windows-specific changes since 4.0.3.0-20141021 ===== | ===== Major Windows-specific changes since 4.0.3.0-20141021 ===== | ||
Line 49: | Line 60: | ||
[[http:// | [[http:// | ||
+ | |||
+ | TODO: List more bugs |