projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fc42ac0) | patch
package/gvfs: fix CVE-2019-12795
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sun, 29 Mar 2020 16:02:46 +0000 (18:02 +0200)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sun, 29 Mar 2020 16:35:22 +0000 (18:35 +0200)
commita9f38acbf2c28a9ec8c8e8e24e56b9ed4bc71778
tree00e60d539110e7c4564746c3a918b1222e6492a8tree
parentfc42ac086a1a897be5ca997e416040560aa15cb6commit | diff
package/gvfs: fix CVE-2019-12795

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x
before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server
socket without configuring an authorization rule. A local attacker could
connect to this server socket and issue D-Bus method calls. (Note that
the server socket only accepts a single connection, so the attacker
would have to discover the server and connect to the socket before its
owner does.)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/gvfs/0006-gvfsdaemon-Check-that-the-connecting-client-is-the-same-user.patch [new file with mode: 0644] blob
package/gvfs/gvfs.mk diff | blob | history