nixpkgs-suyu/pkgs/development/libraries/gvfs
worldofpeace 02ea0d3959 gvfs: fix CVE-2019-1244{7.8.9}
This is a version of #63481 for master.

CVE-2019-12447:
daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is
not used.

CVE-2019-12448:
daemon/gvfsbackendadmin.c has race conditions because the admin backend
doesn't implement query_info_on_read/write.

CVE-2019-12449:
daemon/gvfsbackendadmin.c mishandles a file's user and group ownership
during move (and copy with G_FILE_COPY_ALL_METADATA) operations
from admin:// to file:// URIs, because root privileges are unavailable.

Upstream MR: https://gitlab.gnome.org/GNOME/gvfs/merge_requests/48
2019-06-18 19:48:47 -04:00
..
default.nix gvfs: fix CVE-2019-1244{7.8.9} 2019-06-18 19:48:47 -04:00