projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 062d0f6) | patch
package/gvfs: fix CVE-2019-12449
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sun, 29 Mar 2020 16:02:45 +0000 (18:02 +0200)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sun, 29 Mar 2020 16:35:05 +0000 (18:35 +0200)
commitfc42ac086a1a897be5ca997e416040560aa15cb6
treead0de4a76ef6b61c78269f25ba92b165960186f5tree
parent062d0f6913ed6e787123b32d0d8ffe9703efe3cecommit | diff
package/gvfs: fix CVE-2019-12449

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c mishandles a file's user and group ownership
during move (and copy with G_FILE_COPY_ALL_METADATA) operations from
admin:// to file:// URIs, because root privileges are unavailable.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/gvfs/0005-admin-Ensure-correct-ownership-when-moving-to-file-uri.patch [new file with mode: 0644] blob
package/gvfs/gvfs.mk diff | blob | history