Format: 1.8 Date: Fri, 05 Jul 2019 08:31:52 -0400 Source: gvfs Binary: gvfs gvfs-backends gvfs-bin gvfs-daemons gvfs-fuse gvfs-libs Architecture: arm64 arm64_translations Version: 1.40.1-1ubuntu0.1 Distribution: disco Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: gvfs - userspace virtual filesystem - GIO module gvfs-backends - userspace virtual filesystem - backends gvfs-bin - userspace virtual filesystem - deprecated command-line tools gvfs-daemons - userspace virtual filesystem - servers gvfs-fuse - userspace virtual filesystem - fuse server gvfs-libs - userspace virtual filesystem - private libraries Changes: gvfs (1.40.1-1ubuntu0.1) disco-security; urgency=medium . * SECURITY UPDATE: file ownership mishandling - debian/patches/CVE-2019-12447-1.patch: allow changing file owner in daemon/gvfsbackendadmin.c. - debian/patches/CVE-2019-12447-2.patch: use fsuid to ensure correct file ownership in daemon/gvfsbackendadmin.c. - CVE-2019-12447 * SECURITY UPDATE: race conditions in admin backend - debian/patches/CVE-2019-12448.patch: add query_info_on_read/write functionality in daemon/gvfsbackendadmin.c. - CVE-2019-12448 * SECURITY UPDATE: user and group ownership mishandling during move - debian/patches/CVE-2019-12449.patch: ensure correct ownership when moving to file:// uri in daemon/gvfsbackendadmin.c. - CVE-2019-12449 * SECURITY UPDATE: incorrect D-Bus server socket restrictions - debian/patches/CVE-2019-12795-1.patch: check that the connecting client is the same user in daemon/gvfsdaemon.c. - debian/patches/CVE-2019-12795-2.patch: only accept EXTERNAL authentication in daemon/gvfsdaemon.c. - CVE-2019-12795 Checksums-Sha1: 96cd5573f0f86ff8014c103dc78294052b49d6ec 1844696 gvfs-backends-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb 12b2d2fa3224d20b4afaf617f073b057fd6db5e1 307796 gvfs-backends_1.40.1-1ubuntu0.1_arm64.deb 14bb4144109d439b9902722d5fac185b097b05d7 4932 gvfs-bin_1.40.1-1ubuntu0.1_arm64.deb 3d412f07d48dd157cdd6ab9a490bfc96577c2f9d 530644 gvfs-daemons-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb 33048ab9678ad0083a2c27f33ea5caed08fff595 106904 gvfs-daemons_1.40.1-1ubuntu0.1_arm64.deb 37db202661542cc8f57ac92d912874b5979f6cbd 446220 gvfs-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb a635a267c51112ffa862de04c876c7419044965a 44740 gvfs-fuse-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb 0af79404342259841520a170268954a1d76d2d0b 16404 gvfs-fuse_1.40.1-1ubuntu0.1_arm64.deb 1d35efcb5954d588cafa2fa1a73cc65c9854e345 482812 gvfs-libs-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb 5b67f6a30c87761706ad719446e158f083e0065b 90988 gvfs-libs_1.40.1-1ubuntu0.1_arm64.deb abafb3dd0a9676c7761c28a6b31ef7e81f03f00d 24369 gvfs_1.40.1-1ubuntu0.1_arm64.buildinfo 20a77a4eb3ab3a63c5a77822e0ce9396c57a68b6 106460 gvfs_1.40.1-1ubuntu0.1_arm64.deb 84df28e7ebfbf0a8448f100e1dc3d380fd70cf6a 1568488 gvfs_1.40.1-1ubuntu0.1_arm64_translations.tar.gz Checksums-Sha256: eb2f55eaa55b90e406f202b701152317461c72256ec3eb5e9c74774ceac08e3a 1844696 gvfs-backends-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb dec15ee419dd684deb2fcb8b06e6e263671e4831f0193a01da36a25dda872162 307796 gvfs-backends_1.40.1-1ubuntu0.1_arm64.deb 0f915859ca9b8ca9f6e0f0e2a8d0ceb318d9db0d8d88aa3af7a91e817d658005 4932 gvfs-bin_1.40.1-1ubuntu0.1_arm64.deb e54ff3250993a01778d2c6e6e1d1481863f4a4b7992e349e3c6749abd7426f9c 530644 gvfs-daemons-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb 72d0dbb3f70da3b505e9cf83c4905e5f0478988423c5e314147fd096053fec0f 106904 gvfs-daemons_1.40.1-1ubuntu0.1_arm64.deb fce70c6ef22c50a9b5a15e655cac8f5e969e4bbf84bed26f99ac820452b41c6e 446220 gvfs-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb 2d7824c7da163f149e76c1a5886266fa850886e7a4ae6a14c80cfbf8da9a7911 44740 gvfs-fuse-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb 9d4d6fed9b56d8ca46dcc1c093731327b64e63c4404628b8c7e7a09e79fc8b00 16404 gvfs-fuse_1.40.1-1ubuntu0.1_arm64.deb cc36644a170a40232a9a591a8c58f286f0eb8ffcb1cfa2dee1517c5951fd8e1c 482812 gvfs-libs-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb 53603d08fe7a051d195fe76e1226ce80c34778fbba8cdf80e437a9a355255351 90988 gvfs-libs_1.40.1-1ubuntu0.1_arm64.deb 24dee8c336082c8bc9a49c333260d0649b43ec95133047359b85e5a4bbb716e8 24369 gvfs_1.40.1-1ubuntu0.1_arm64.buildinfo 9a5f9d7b0e1348327044bb5b08949a2bb7bdb57be18fa42423d8ee7fa65e057e 106460 gvfs_1.40.1-1ubuntu0.1_arm64.deb c6bd810061196131a8b76bbf73f43975fcca0de0bf9450fd479a4dc43cefd859 1568488 gvfs_1.40.1-1ubuntu0.1_arm64_translations.tar.gz Files: 40373d129fd33ea0a92339cd89cbbef8 1844696 debug optional gvfs-backends-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb 5ed279a24bc22710c39028c6b921a394 307796 gnome optional gvfs-backends_1.40.1-1ubuntu0.1_arm64.deb 99520a8d0da4f58631049bdd95f929be 4932 oldlibs optional gvfs-bin_1.40.1-1ubuntu0.1_arm64.deb d425039133e5ffe027ad80f4af3eafd8 530644 debug optional gvfs-daemons-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb 4108644d4ed022ea483c171fe96f0a40 106904 libs optional gvfs-daemons_1.40.1-1ubuntu0.1_arm64.deb d82c6eebb8e5f158a2e2771ca2b40ae4 446220 debug optional gvfs-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb 4d0add9f0e64a90d9bea8581867b87e6 44740 debug optional gvfs-fuse-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb e1ef941d88f0877782ef1cd0cc4410d7 16404 gnome optional gvfs-fuse_1.40.1-1ubuntu0.1_arm64.deb 762b97e123e2b6b8e7ebee1142a8600a 482812 debug optional gvfs-libs-dbgsym_1.40.1-1ubuntu0.1_arm64.ddeb 34990c9427cbb2eb8d05535026187c05 90988 libs optional gvfs-libs_1.40.1-1ubuntu0.1_arm64.deb 6a6203acc6467f0ac5213e8624dc8132 24369 gnome optional gvfs_1.40.1-1ubuntu0.1_arm64.buildinfo 6c41dbe86cf07d76553f1ac62450d2e3 106460 libs optional gvfs_1.40.1-1ubuntu0.1_arm64.deb e7717f93f14abb448f7fb1877def8436 1568488 raw-translations - gvfs_1.40.1-1ubuntu0.1_arm64_translations.tar.gz Original-Maintainer: Debian GNOME Maintainers