From announcement: "Please note::: This release fixes a severe vulnerability in X2Go Server that allowed an attacker with user permissions to gain root access to the X2Go Server machine. Everyone, please upgrade your X2Go Server installations." I just added x2goserver-4.0.1.10 to tree, it works fine with stable x2goclient and libssh (and openssh[-hpn] on the server), so it can be stabled to fix this vulnerability.
Thanks for the report
4.0.1.10 fixed the vulnerability but introduced a small bug when session ID strings contained dot characters. So arches please test and mark stable =net-misc/x2goserver-4.0.1.11 instead, thanks!
Another hotfix release (this time for remote printing) came, so I removed the previous stable candidates. Sorry for the noise, Arches. New stable target is =net-misc/x2goserver-4.0.1.12
amd64 stable
x86 stable
Vulnerable versions removed from tree
Maintainers and Arches, thank you for your work. GLSA Request filed.
This issue was resolved and addressed in GLSA 201405-26 at http://security.gentoo.org/glsa/glsa-201405-26.xml by GLSA coordinator Mikle Kolyada (Zlogene).