PublicDateAtUSN: 2019-05-29
Candidate: CVE-2019-12448
PublicDate: 2019-05-29 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12448
 https://ubuntu.com/security/notices/USN-4053-1
Description:
 An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
 daemon/gvfsbackendadmin.c has race conditions because the admin backend
 doesn't implement query_info_on_read/write.
Ubuntu-Description:
Notes:
Bugs:
 https://gitlab.gnome.org/GNOME/gvfs/issues/21
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]


Patches_gvfs:
 upstream: https://gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e
 upstream: https://gitlab.gnome.org/GNOME/gvfs/commit/a1c2e7ecab0d6457fa2227d92e3569c08516eac5 (3.30)
 upstream: https://gitlab.gnome.org/GNOME/gvfs/commit/464bbc7e4e7fdfc3cb426557562038408b6108c5 (3.32)
upstream_gvfs: needs-triage
precise/esm_gvfs: DNE
trusty_gvfs: ignored (out of standard support)
trusty/esm_gvfs: DNE
xenial_gvfs: not-affected (code not present)
esm-infra/xenial_gvfs: not-affected (code not present)
bionic_gvfs: released (1.36.1-0ubuntu1.3.3)
cosmic_gvfs: released (1.38.1-0ubuntu1.3.2)
disco_gvfs: released (1.40.1-1ubuntu0.1)
devel_gvfs: released (1.40.1-1ubuntu1)