CVE-2019-12449 (retired)

Priority
Description
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c mishandles a file's user and group ownership
during move (and copy with G_FILE_COPY_ALL_METADATA) operations from
admin:// to file:// URIs, because root privileges are unavailable.
Assigned-to
mdeslaur
Package
Source: gvfs (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.36.1-0ubuntu1.3.3)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1.38.1-0ubuntu1.3.2)
Ubuntu 19.04 (Disco Dingo):released (1.40.1-1ubuntu0.1)
Ubuntu 19.10 (Eoan):released (1.40.1-1ubuntu1)
Patches:
Upstream:https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90
Upstream:https://gitlab.gnome.org/GNOME/gvfs/commit/bed1e9685c9f65f6a3ff3b39dd8547db3e7e77f6 (3.30)
Upstream:https://gitlab.gnome.org/GNOME/gvfs/commit/ec939a01c278d1aaa47153f51b5c5f0887738dd9 (3.32)
More Information

Updated: 2019-07-09 13:14:51 UTC (commit 8bec5009333b6922e5b688a0467da16662ae90b9)