User Tools

Site Tools


doc:release-notes-mswin:x2goclient-4.0.3.2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
doc:release-notes-mswin:x2goclient-4.0.3.2 [2015/03/01 12:27]
mikedep333 4.0.3.2-20150301
doc:release-notes-mswin:x2goclient-4.0.3.2 [2015/03/29 23:07]
mikedep333 [Security Update: 4.0.3.2-20150329] Whoops, the prior version of VcXsrv was 1.15.2.4
Line 1: Line 1:
 ====== Windows-Specific Release notes for X2Go Client 4.0.3.2 ====== ====== Windows-Specific Release notes for X2Go Client 4.0.3.2 ======
  
 +===== Security Update: 4.0.3.2-20150329 =====
 +
 +On 2015-03-29, 4.0.3.2-20150329 was released with the following changes:
 +<​code>​
 +    - Windows: Update bundled VcXsrv from 1.15.2.4-xp+vc2013+x2go1 to
 +      1.15.2.5 (X2Go/​Arctica Build)
 +      The differences relevant to X2Go are:
 +        + VcXsrv'​s bundled version of openssl was updated from 1.0.1k
 +          to 1.0.1m (fixes the multiple CVEs announced on 2015-03-19)
 +        + VcXsrv'​s bundled version of libXfont was updated from 1.4.8
 +          to 1.4.9 (Fixes CVE-2015-1802 through CVE-2015-1804)
 +    - Windows: Update bundled Win32 OpenSSL from 1.0.1L to 1.0.1m,
 +      which fixes the multiple CVEs announced on 2015-03-19.
 +    - Windows: Update bundled PuTTY from 0.63 to 0.64.
 +      In addition to other changes, CVE-2015-2157 has been fixed.
 +    - Windows: Update bundled Cygwin openssl from 1.0.1k-1 to 1.0.2a-1.
 +      This update fixes the multiple CVEs announced on 2015-03-19
 +</​code>​
 +As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.
 ===== Security Update: 4.0.3.2-20150301 ===== ===== Security Update: 4.0.3.2-20150301 =====
  
 On 2015-03-01, 4.0.3.2-20150301 was released with the following changes: On 2015-03-01, 4.0.3.2-20150301 was released with the following changes:
  
-    - Windows: Update bundled VcXsrv from 1.15.2.3-xp+vc2013+x2go1 to 1.15.2.4-xp+vc2013+x2go1. The differences ​is that VcXsrv'​s bundled version of freetype was updated from 2.5.3 to 2.5.5. This freetype update fixes CVE-2014-9656 through CVE-2014-9675.+    - Windows: Update bundled VcXsrv from 1.15.2.3-xp+vc2013+x2go1 to 1.15.2.4-xp+vc2013+x2go1. The difference ​is that VcXsrv'​s bundled version of freetype was updated from 2.5.3 to 2.5.5. This freetype update fixes CVE-2014-9656 through CVE-2014-9675.
  
 As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update. As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.
Line 29: Line 48:
 ==== Current Builds ==== ==== Current Builds ====
  
-The regular build, x2goclient-4.0.3.2-20150301-setup.exe, is available under this folder: +The regular build, x2goclient-4.0.3.2-20150329-setup.exe, is available under this folder: 
-  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150301/+  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150329/
  
-A debug build, x2goclient-4.0.3.2-20150301-debug-setup.exe,​ is also available under the folder listed below. If you experience a bug and would like to assist with debugging it, this build is for you.+A debug build, x2goclient-4.0.3.2-20150329-debug-setup.exe,​ is also available under the folder listed below. If you experience a bug and would like to assist with debugging it, this build is for you.
  
-  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150301/​non-default-builds/​+  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150329/​non-default-builds/​
  
 ==== Previous Builds ==== ==== Previous Builds ====
  
 The regular builds, x2goclient-4.0.3.2-20150219-setup.exe through x2goclient-4.0.3.2-20150224-setup.exe,​ are available under these folders: The regular builds, x2goclient-4.0.3.2-20150219-setup.exe through x2goclient-4.0.3.2-20150224-setup.exe,​ are available under these folders:
 +  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150301/​
   * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150224/​   * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150224/​
   * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150219/​   * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150219/​
  
 The debug builds, x2goclient-4.0.3.2-20150219-debug-setup.exe through x2goclient-4.0.3.2-20150301-setup.exe,​ are also available under these folders. If you experience a bug and would like to assist with debugging it, these builds are for you. The debug builds, x2goclient-4.0.3.2-20150219-debug-setup.exe through x2goclient-4.0.3.2-20150301-setup.exe,​ are also available under these folders. If you experience a bug and would like to assist with debugging it, these builds are for you.
 +  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150301/​non-default-builds/​
   * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150224/​non-default-builds/​   * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150224/​non-default-builds/​
   * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150219/​non-default-builds/​   * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150219/​non-default-builds/​
doc/release-notes-mswin/x2goclient-4.0.3.2.txt · Last modified: 2015/05/09 02:25 by mikedep333