Format: 1.8
Date: Wed, 19 Jun 2019 18:07:45 +0200
Source: gvfs
Binary: gvfs gvfs-daemons gvfs-libs gvfs-common gvfs-fuse gvfs-backends gvfs-bin gvfs-dbg
Architecture: source all amd64
Version: 1.22.2-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 gvfs       - userspace virtual filesystem - GIO module
 gvfs-backends - userspace virtual filesystem - backends
 gvfs-bin   - userspace virtual filesystem - binaries
 gvfs-common - userspace virtual filesystem - common data files
 gvfs-daemons - userspace virtual filesystem - servers
 gvfs-dbg   - userspace virtual filesystem - debugging information
 gvfs-fuse  - userspace virtual filesystem - fuse server
 gvfs-libs  - userspace virtual filesystem - private libraries
Changes:
 gvfs (1.22.2-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-12795:
     daemon/gvfsdaemon.c in gvfsd from GNOME gvfs opened a private D-Bus
     server socket without configuring an authorization rule. A local
     attacker could connect to this server socket and issue D-Bus method
     calls. (Note that the server socket only accepts a single connection,
     so the attacker would have to discover the server and connect to the
     socket before its owner does.)
   * Add only-accept-external-authentication.patch for additional hardening.