CVE-2019-12449

Priority
Description
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c mishandles a file's user and group ownership
during move (and copy with G_FILE_COPY_ALL_METADATA) operations from
admin:// to file:// URIs, because root privileges are unavailable.
Assigned-to
mdeslaur
Notes
Package
Source: gvfs (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.36.1-0ubuntu1.3.3)
Ubuntu 19.10 (Eoan Ermine):released (1.40.1-1ubuntu1)
Patches:
Upstream:https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90
Upstream:https://gitlab.gnome.org/GNOME/gvfs/commit/bed1e9685c9f65f6a3ff3b39dd8547db3e7e77f6 (3.30)
Upstream:https://gitlab.gnome.org/GNOME/gvfs/commit/ec939a01c278d1aaa47153f51b5c5f0887738dd9 (3.32)
More Information

Updated: 2020-01-29 20:04:44 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)