CVE-2019-12448 (retired)

Priority
Description
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c has race conditions because the admin backend
doesn't implement query_info_on_read/write.
Assigned-to
mdeslaur
Package
Source: gvfs (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.36.1-0ubuntu1.3.3)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1.38.1-0ubuntu1.3.2)
Ubuntu 19.04 (Disco Dingo):released (1.40.1-1ubuntu0.1)
Ubuntu 19.10 (Eoan):released (1.40.1-1ubuntu1)
Patches:
Upstream:https://gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e
Upstream:https://gitlab.gnome.org/GNOME/gvfs/commit/a1c2e7ecab0d6457fa2227d92e3569c08516eac5 (3.30)
Upstream:https://gitlab.gnome.org/GNOME/gvfs/commit/464bbc7e4e7fdfc3cb426557562038408b6108c5 (3.32)
More Information

Updated: 2019-07-09 13:14:51 UTC (commit 8bec5009333b6922e5b688a0467da16662ae90b9)