kumquat-buildroot/package/gvfs
Fabrice Fontaine a9f38acbf2 package/gvfs: fix CVE-2019-12795
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x
before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server
socket without configuring an authorization rule. A local attacker could
connect to this server socket and issue D-Bus method calls. (Note that
the server socket only accepts a single connection, so the attacker
would have to discover the server and connect to the socket before its
owner does.)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-03-29 18:35:22 +02:00
..
0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
0002-admin-Add-query_info_on_read-write-functionality.patch
0003-admin-Allow-changing-file-owner.patch package/gvfs: fix CVE-2019-12447 2020-03-29 18:34:43 +02:00
0004-admin-Use-fsuid-to-ensure-correct-file-ownership.patch package/gvfs: fix CVE-2019-12447 2020-03-29 18:34:43 +02:00
0005-admin-Ensure-correct-ownership-when-moving-to-file-uri.patch package/gvfs: fix CVE-2019-12449 2020-03-29 18:35:05 +02:00
0006-gvfsdaemon-Check-that-the-connecting-client-is-the-same-user.patch package/gvfs: fix CVE-2019-12795 2020-03-29 18:35:22 +02:00
Config.in
gvfs.hash
gvfs.mk package/gvfs: fix CVE-2019-12795 2020-03-29 18:35:22 +02:00