Summary: | <dev-libs/glib-2.58.3-r1: file_copy_fallback does not properly restrict file permissions while a copy operation is in progress (CVE-2019-12450) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gnome |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174 | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: | dev-libs/glib-2.58.3-r1 |
Runtime testing required: | --- |
Description
Thomas Deutschmann (RETIRED)
2019-07-23 12:20:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f584ca053067b4aa6fb09cfe655ab260035366d2

commit f584ca053067b4aa6fb09cfe655ab260035366d2
Author: Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-07-23 13:00:09 +0000
Commit: Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-07-23 13:00:23 +0000

dev-libs/glib: fix CVE-2019-12450 plus an unrelated small patch from upstream 2-58 branch.

Bug: https://bugs.gentoo.org/690498
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Mart Raudsepp <leio@gentoo.org>

dev-libs/glib/files/2.58.3-CVE-2019-12450.patch | 53 ++++
.../glib/files/2.58.3-gdbusmessage-limit-fix.patch | 120 ++++++++
dev-libs/glib/glib-2.58.3-r1.ebuild | 315 +++++++++++++++++++++
3 files changed, 488 insertions(+)

arm64 stable

x86 stable

ia64 stable

amd64 stable

hppa/sparc stable

s390 stable

ppc64 stable

ppc stable

arm stable

alpha stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50dab61f330019e9173d8f24c424de5e12451831

commit 50dab61f330019e9173d8f24c424de5e12451831
Author: Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-07-28 20:21:39 +0000
Commit: Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-07-28 20:22:37 +0000

dev-libs/glib: security cleanup

Bug: https://bugs.gentoo.org/690498
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Mart Raudsepp <leio@gentoo.org>

dev-libs/glib/glib-2.58.3.ebuild | 310 ---------------------------------------
1 file changed, 310 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/musl.git/commit/?id=1cff7d041fe6e0054c7d0cd5dadede5fd62271f8

commit 1cff7d041fe6e0054c7d0cd5dadede5fd62271f8
Author: stefson <herrtimson@yahoo.de>
AuthorDate: 2019-07-25 15:26:42 +0000
Commit: Anthony G. Basile <blueness@gentoo.org>
CommitDate: 2019-08-21 12:55:11 +0000

dev-libs/glib: add 2.58.3-r1 from tree

Bug: https://bugs.gentoo.org/690498
Signed-off-by: Steffen Kuhn <nielson2@yandex.com>
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>

dev-libs/glib/files/2.58.3-CVE-2019-12450.patch | 53 ++++
.../glib/files/2.58.3-gdbusmessage-limit-fix.patch | 120 ++++++++
dev-libs/glib/glib-2.58.3-r1.ebuild | 320 +++++++++++++++++++++
3 files changed, 493 insertions(+)