gvfs: fix CVE-2019-12795 - nixpkgs - Downstream nixpkgs tree for Spectrum

diff options

author	worldofpeace <worldofpeace@protonmail.ch>	2019-06-18 19:47:39 -0400
committer	worldofpeace <worldofpeace@protonmail.ch>	2019-06-18 19:48:47 -0400
commit	fae9e165bb2cce50da9d10e16edd91c5ce41bf09 (patch)
tree	d7d407fab18bc4024964dfae9d7c06a26c1d0f7e /pkgs/development/libraries/netcdf-cxx4
parent	02ea0d3959ba5a8f2108d3bc8f5a57635d758713 (diff)
download	nixpkgs-fae9e165bb2cce50da9d10e16edd91c5ce41bf09.tar nixpkgs-fae9e165bb2cce50da9d10e16edd91c5ce41bf09.tar.gz nixpkgs-fae9e165bb2cce50da9d10e16edd91c5ce41bf09.tar.bz2 nixpkgs-fae9e165bb2cce50da9d10e16edd91c5ce41bf09.tar.lz nixpkgs-fae9e165bb2cce50da9d10e16edd91c5ce41bf09.tar.xz nixpkgs-fae9e165bb2cce50da9d10e16edd91c5ce41bf09.tar.zst nixpkgs-fae9e165bb2cce50da9d10e16edd91c5ce41bf09.zip

gvfs: fix CVE-2019-12795

This is a version of #63481 for master.

Vulnerability Description:
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before
1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without
configuring an authorization rule. A local attacker could connect to this server
socket and issue D-Bus method calls. Note that the server socket only accepts
a single connection, so the attacker would have to discover the server and connect
to the socket before its owner does.

#63301

Diffstat (limited to 'pkgs/development/libraries/netcdf-cxx4')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: