"Please note::: This release fixes a severe vulnerability in X2Go Server
that allowed an attacker with user permissions to gain root access to
the X2Go Server machine. Everyone, please upgrade your X2Go Server
I just added x2goserver-220.127.116.11 to tree. It works fine with stable x2goclient and libssh (and openssh[-hpn] on the server), so it can be stabled to fix this vulnerability.
Thanks for the report.
18.104.22.168 fixed the vulnerability but introduced a small bug when session ID strings contained dot characters.
So arches please test and mark stable =net-misc/x2goserver-22.214.171.124 instead, thanks!
Another hotfix release (this time for remote printing) came, so I removed the previous stable candidates. Sorry for the noise.
Arches, new stable target is =net-misc/x2goserver-126.96.36.199
Vulnerable versions removed from tree.
Maintainers and Arches, thank you for your work.
GLSA Request filed.
This issue was resolved and addressed in
GLSA 201405-26 at http://security.gentoo.org/glsa/glsa-201405-26.xml
by GLSA coordinator Mikle Kolyada (Zlogene).