Update NEWS for 1.40.2 release1.40.2

author: Ondrej Holy <oholy@redhat.com> 2019-07-17 11:46:22 +0200
committer: Ondrej Holy <oholy@redhat.com> 2019-07-17 11:46:22 +0200
commit: b7dc2daf2af667f1816ecdb8561c5a21beca85a8 (patch)
tree: 4894a8412213b4dbf420f0b5844a57bade747ab5
parent: a0da5f16feda323c29850c495acd86dfc8fbb262 (diff)
download: gvfs-b7dc2daf2af667f1816ecdb8561c5a21beca85a8.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index c2fee922..5f1ac8f3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,16 @@
+Major changes in 1.40.2
+=======================
+* daemon: Only accept EXTERNAL authentication (CVE-2019-12795)
+* daemon: Check that the connecting client is the same user (CVE-2019-12795)
+* admin: Ensure correct ownership when moving to file:// uri (CVE-2019-12449)
+* admin: Use fsuid to ensure correct file ownership (CVE-2019-12447)
+* admin: Allow changing file owner (CVE-2019-12447)
+* admin: Add query_info_on_read/write functionality (CVE-2019-12448)
+* afc: Remove assumptions about length of device UUID to support new devices
+* gmountsource: Fix deadlocks in synchronous API
+* afp: Fix afp backend crash when no username supplied
+* Translation updates
+
 Major changes in 1.40.1
 =======================
 * Revert "sftp: Always use port 22 if not specified"
author	Ondrej Holy <oholy@redhat.com>	2019-07-17 11:46:22 +0200
committer	Ondrej Holy <oholy@redhat.com>	2019-07-17 11:46:22 +0200
commit	b7dc2daf2af667f1816ecdb8561c5a21beca85a8 (patch)
tree	4894a8412213b4dbf420f0b5844a57bade747ab5
parent	a0da5f16feda323c29850c495acd86dfc8fbb262 (diff)
download	gvfs-b7dc2daf2af667f1816ecdb8561c5a21beca85a8.tar.gz