diff options
author | Ondrej Holy <oholy@redhat.com> | 2019-07-17 11:54:19 +0200 |
---|---|---|
committer | Ondrej Holy <oholy@redhat.com> | 2019-07-17 11:54:19 +0200 |
commit | e178d606bc67a717e71af2c67b1739e21b1b65ec (patch) | |
tree | f47b8f4ea44600c749ab7ef385efe1d7f3717024 | |
parent | 756edf6692aa245faedc9573bf88bfe78af3ead3 (diff) | |
download | gvfs-1.38.3.tar.gz |
Update NEWS for 1.38.3 release1.38.3
-rw-r--r-- | NEWS | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -1,3 +1,13 @@ +Major changes in 1.38.3 +======================= +* daemon: Only accept EXTERNAL authentication (CVE-2019-12795) +* daemon: Check that the connecting client is the same user (CVE-2019-12795) +* admin: Ensure correct ownership when moving to file:// uri (CVE-2019-12449) +* admin: Use fsuid to ensure correct file ownership (CVE-2019-12447) +* admin: Allow changing file owner (CVE-2019-12447) +* admin: Add query_info_on_read/write functionality (CVE-2019-12448) +* Translation updates + Major changes in 1.38.2 ======================= * mtp: Don't retry reading an event after failure |