Debian Package Tracker

From: Simon McVittie <smcv@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted gvfs 1.38.1-4 (source) into unstable
Date: Wed, 05 Jun 2019 08:39:28 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 05 Jun 2019 08:34:17 +0100
Source: gvfs
Architecture: source
Version: 1.38.1-4
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 927221 929755
Changes:
 gvfs (1.38.1-4) unstable; urgency=high
 .
   * Team upload
   * Update from upstream gnome-3-30 branch to fix the admin backend
     (Closes: #929755)
     - Implement query_info_on_read/write to fix some race conditions
       (CVE-2019-12448)
     - Ensure that created files get the correct ownership (CVE-2019-12247)
     - Ensure that copied files get the correct ownership (CVE-2019-12449)
   * Remove obsolete version number from fuse dependency.
     gvfs needs fuse (>= 2.8.4), but that version is older than oldstable,
     so we can safely simplify to "Depends: fuse".
     The versioned dependency is not satisfied by fuse3's unversioned
     "Provides: fuse", but the unversioned dependency is. (Closes: #927221)
Checksums-Sha1:
 0a20e5deca4d41f356440d22525244938e75dbc7 3392 gvfs_1.38.1-4.dsc
 234c4e67894d4c7b367e2368fc81c6066bb76499 61796 gvfs_1.38.1-4.debian.tar.xz
 cd17ef82c20092a655b4c7e079952341ee9cae79 18685 gvfs_1.38.1-4_source.buildinfo
Checksums-Sha256:
 238c177834943fe12c4dde3c1a5143fcc7223c6e3adb4a967e201346c22166dd 3392 gvfs_1.38.1-4.dsc
 3ebbd285adaf0afccf38cdbcd8bc8d91eae4dea19dfff00903d7d31db4a9f55e 61796 gvfs_1.38.1-4.debian.tar.xz
 e5b09ebac116477f6833e49b7307fc7426cb54f0ee867bda4fd4902000632963 18685 gvfs_1.38.1-4_source.buildinfo
Files:
 5b6ba25ceaab4078586c61b68a008de4 3392 gnome optional gvfs_1.38.1-4.dsc
 4556da0a9d4e0f16d1236b0b31aafcbb 61796 gnome optional gvfs_1.38.1-4.debian.tar.xz
 74f490ae3acf50249368652205cbe444 18685 gnome optional gvfs_1.38.1-4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAlz3eSkACgkQ4FrhR4+B
TE9JwRAApKKxa2Ck/klnFJbFwpsoGkVDS+MQ4fkITBoGVeu5cTxOc3mW87wlhwP3
vItW8MbdesvKExBT8IucA4IQjufT7N/OgKePNde5Hjg+9JONaAvDGv/EZJSvcmUc
CWvXgIszLODVvzwFztiZGrikFwKuzH8XL2APdynBgeq8BZCnzzJE1rfqALccLRLl
Fo8SECgcYntp1eMnyxpE4aHY3I+GF+kI78zdrHv5qg+kPVsw8RvRmROyk+oWJPgz
yJD2KMaP4uB5LT3Hg4De0gNv3zrArbzBT0Bj7/v/qlCsNwr4wdbSAA8/paAiT8rH
LNgssXu3X6eLMBcJrNooSLJX2LE3Dj30taVVUytsC0cSAZ+fkKYhI1AU6Gy81oM/
e5y07VIdOmYtjoKboDaBIEK8HKokBG9dU2xrgp4u11S46KRQfUYmvBfGw+QHJkd6
cv2srgYhbqggCl1PDNGYnn1ypfA+V6gDWN1LfzYtC0m5V9IKvQh5OXWch2zRJeOP
ZUUFLnxozGqDDlHBshh7oTEpQ+W995hurCGH5RfVsHNgwCGQGLK8nDDKIfrrg/nX
dXSmHFxiC3a/H5BXFeypq0Ky1jjLflKb7bXGdwyVsDf0ba7dF+va4OnlNIcAlNNy
qykhKUT3u/12pwn4kaziBYUe6BRtD1bffCnR6TGBVQaRTzju8uA=
=eOW7
-----END PGP SIGNATURE-----
News for package gvfs
