Commit 8d908f2b authored by Simon McVittie

Import Debian changes 1.38.1-5

gvfs (1.38.1-5) unstable; urgency=high

  * Team upload
  * d/p/gvfsdaemon-Check-that-the-connecting-client-is-the-same-u.patch:
    Add missing authentication, preventing a local attacker from connecting
    to an abstract socket address learned from netstat(8) and issuing
    arbitrary D-Bus method calls
  * d/p/gvfsdaemon-Only-accept-EXTERNAL-authentication.patch:
    Harden private D-Bus connection by rejecting the more complicated
    DBUS_COOKIE_SHA1 authentication mechanism and only accepting EXTERNAL.

gvfs (1.38.1-4) unstable; urgency=high

  * Team upload
  * Update from upstream gnome-3-30 branch to fix the admin backend
    (Closes: #929755)
    - Implement query_info_on_read/write to fix some race conditions
      (CVE-2019-12448)
    - Ensure that created files get the correct ownership (CVE-2019-12247)
    - Ensure that copied files get the correct ownership (CVE-2019-12449)
  * Remove obsolete version number from fuse dependency.
    gvfs needs fuse (>= 2.8.4), but that version is older than oldstable,
    so we can safely simplify to "Depends: fuse".
    The versioned dependency is not satisfied by fuse3's unversioned
    "Provides: fuse", but the unversioned dependency is. (Closes: #927221)
parent df241a53
1 merge request: !2 Proposed updates/debian/buster/c63917e2
Pipeline #209560 passed