Package "gvfs-libs"
Name: |
gvfs-libs
|
Description: |
userspace virtual filesystem - private libraries
|
Latest version: |
1.36.1-0ubuntu1.3.3 |
Release: |
bionic (18.04) |
Level: |
updates |
Repository: |
main |
Head package: |
gvfs |
Homepage: |
https://wiki.gnome.org/Projects/gvfs |
Links
Download "gvfs-libs"
Other versions of "gvfs-libs" in Bionic
Changelog
gvfs (1.36.1-0ubuntu1.3.3) bionic-security; urgency=medium
* SECURITY UPDATE: file ownership mishandling
- debian/patches/CVE-2019-12447-1.patch: allow changing file owner in
daemon/gvfsbackendadmin.c.
- debian/patches/CVE-2019-12447-2.patch: use fsuid to ensure correct
file ownership in daemon/gvfsbackendadmin.c.
- CVE-2019-12447
* SECURITY UPDATE: race conditions in admin backend
- debian/patches/CVE-2019-12448.patch: add query_info_on_read/write
functionality in daemon/gvfsbackendadmin.c.
- CVE-2019-12448
* SECURITY UPDATE: user and group ownership mishandling during move
- debian/patches/CVE-2019-12449.patch: ensure correct ownership when
moving to file:// uri in daemon/gvfsbackendadmin.c.
- CVE-2019-12449
* SECURITY UPDATE: incorrect D-Bus server socket restrictions
- debian/patches/CVE-2019-12795-1.patch: check that the connecting
client is the same user in daemon/gvfsdaemon.c.
- debian/patches/CVE-2019-12795-2.patch: only accept EXTERNAL
authentication in daemon/gvfsdaemon.c.
- CVE-2019-12795
-- Marc Deslauriers <email address hidden> Fri, 05 Jul 2019 09:04:54 -0400
|
Source diff to previous version |
CVE-2019-12447 |
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. |
CVE-2019-12448 |
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implemen |
CVE-2019-12449 |
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and |
CVE-2019-12795 |
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket witho |
|
gvfs (1.36.1-0ubuntu1.3.2) bionic; urgency=medium
* No change rebuild to pick up the current samba version.
The patch git_smb_nt1.patch added to fix smb browsing requires a new
libsmb api to work and that's checked for at build time (lp: #1778322)
-- Sebastien Bacher <email address hidden> Wed, 08 May 2019 10:48:17 +0200
|
Source diff to previous version |
1778322 |
gvfs-smb-browse can't browse samba/smb tree |
|
gvfs (1.36.1-0ubuntu1.3) bionic-security; urgency=medium
* SECURITY UPDATE: Incorrect authorization
- debian/patches/CVE-2019-3827.patch: fix in
daemon/gvfsbackendadmin.c.
- CVE-2019-3827
-- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Feb 2019 09:40:15 -0300
|
Source diff to previous version |
CVE-2019-3827 |
Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password |
|
gvfs (1.36.1-0ubuntu1.2) bionic; urgency=medium
* debian/patches/git_smb_writing.patch:
- Use O_RDWR to fix fstat when writing (lp: #1803158)
* debian/patches/git_invalid_autorun.patch:
- common: Prevent crashes on invalid autorun file (lp: #1798725)
* debian/patches/git_channel_lock.patch:
- daemon: Prevent deadlock and invalid read when closing channels
(lp: #1630905)
* debian/patches/git_dav_lockups.patch:
- workaround libsoup limitation to prevent dav lockups (lp: #1792878)
* debian/patches/git_smb_nt1.patch:
- smbbrowse: Force NT1 protocol version for workgroup support
(lp: #1778322)
* debian/patches/git_smb_directory.patch:
- smb: Add workaround to fix removal of non-empty dir (lp: #1803190)
-- Sebastien Bacher <email address hidden> Tue, 13 Nov 2018 17:09:03 +0100
|
Source diff to previous version |
1803158 |
Copying file to Windows server (SMB2) via gvfsd-fuse and gvfsd-smb fails with EINVAL |
1798725 |
gvfs may crash when parsing non-valid UTF8 in autorun.inf |
1630905 |
Loss of lan connection causes applications using gvfsd-sftp to hang until demon is killed |
1792878 |
gvfs lockup due to max number of connections |
1778322 |
gvfs-smb-browse can't browse samba/smb tree |
1803190 |
non-empty directory will not delete |
|
gvfs (1.36.1-0ubuntu1.1) bionic; urgency=medium
* d/patches/0010-add-missing-source-tag.patch:
- Backport upstream patch for udisks2 to fix detection
of an ejected USB device (LP: #1762595)
-- Sean Davis <email address hidden> Sun, 24 Jun 2018 08:08:52 -0400
|
1762595 |
Thunar incorrectly thinks USB storage device hasn't finished ejecting |
|
About
-
Send Feedback to @ubuntu_updates