Package: gvfs-daemons; Maintainer for gvfs-daemons is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for gvfs-daemons is src:gvfs (PTS, buildd, popcon).
Reported by: Simon McVittie <smcv@debian.org>
Date: Tue, 11 Jun 2019 16:48:01 UTC
Severity: grave
Tags: fixed-upstream, patch, security
Found in version gvfs/1.14.1-1
Fixed in versions 1.38.1-5, 1.40.1-3
Done: Simon McVittie <smcv@debian.org>
Forwarded to https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a
Reply or subscribe to this bug.
View this report as an mbox folder, status mbox, maintainer mbox
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Reply sent
to Simon McVittie <smcv@debian.org>
:
You have taken responsibility.
(Tue, 11 Jun 2019 17:03:06 GMT) (full text, mbox, link).
Message #10 received at 930376-done@bugs.debian.org (full text, mbox, reply):
Reply sent
to Simon McVittie <smcv@debian.org>
:
You have taken responsibility.
(Tue, 11 Jun 2019 17:03:09 GMT) (full text, mbox, link).
Message #15 received at 930376-done@bugs.debian.org (full text, mbox, reply):
Changed Bug title to 'CVE-2019-12795: gvfsd GetConnection() missing authorization check' from 'gvfsd GetConnection() missing authorization check'.
Request was from Simon McVittie <smcv@debian.org>
to control@bugs.debian.org
.
(Tue, 11 Jun 2019 22:51:03 GMT) (full text, mbox, link).
Changed Bug title to 'gvfs: CVE-2019-12795: gvfsd GetConnection() missing authorization check' from 'CVE-2019-12795: gvfsd GetConnection() missing authorization check'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 12 Jun 2019 08:36:09 GMT) (full text, mbox, link).
Changed Bug title to 'CVE-2019-12795: gvfsd GetConnection() missing authorization check' from 'gvfs: CVE-2019-12795: gvfsd GetConnection() missing authorization check'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 12 Jun 2019 08:39:03 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.