Update NEWS for 1.41.3 release1.41.3

author: Ondrej Holy <oholy@redhat.com> 2019-06-19 09:34:22 +0200
committer: Ondrej Holy <oholy@redhat.com> 2019-06-19 09:34:22 +0200
commit: 08c68c550550eccbecbf7a50c7efbae69122c861 (patch)
tree: c2b58eef1c9b641d443f582d67be9ff7e6480e59
parent: 16a275041de2e70063da8aa5cfb2804de9a2f60a (diff)
download: gvfs-1.41.3.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 491bb79c..1d5b9c53 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,13 @@
+Major changes in 1.41.3
+=======================
+* daemon: Only accept EXTERNAL authentication (CVE-2019-12795)
+* daemon: Check that the connecting client is the same user (CVE-2019-12795)
+* admin: Ensure correct ownership when moving to file:// uri (CVE-2019-12449)
+* admin: Use fsuid to ensure correct file ownership (CVE-2019-12447)
+* admin: Allow changing file owner (CVE-2019-12447)
+* admin: Add query_info_on_read/write functionality (CVE-2019-12448)
+* Translation updates
+
 Major changes in 1.41.2
 =======================
 * build: Several meson improvements
author	Ondrej Holy <oholy@redhat.com>	2019-06-19 09:34:22 +0200
committer	Ondrej Holy <oholy@redhat.com>	2019-06-19 09:34:22 +0200
commit	08c68c550550eccbecbf7a50c7efbae69122c861 (patch)
tree	c2b58eef1c9b641d443f582d67be9ff7e6480e59
parent	16a275041de2e70063da8aa5cfb2804de9a2f60a (diff)
download	gvfs-1.41.3.tar.gz