commit 6ac7c77345d9abe02362b9762161d73674a21039

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

gvfs: fix CVE-2019-12795

Vulnerability Description:
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before
1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without
configuring an authorization rule. A local attacker could connect to this server
socket and issue D-Bus method calls. Note that the server socket only accepts
a single connection, so the attacker would have to discover the server and connect
to the socket before its owner does.

Closes #63301

worldofpeace 6 years ago 6ac7c773 d2bfd7aa

1 changed file

expand all

unified split

pkgs

development

libraries

gvfs

default.nix

pkgs/development/libraries/gvfs/default.nix

··· 38 38 url = "https://gitlab.gnome.org/GNOME/gvfs/commit/bed1e9685c9f65f6a3ff3b39dd8547db3e7e77f6.patch"; 39 39 sha256 = "0hfybfaz2gfx3yyw5ymx6q0pqwkx2r1i7gzprfp80bplwslq0d4h"; 40 40 }) 41 + # CVE-2019-12795 42 + (fetchpatch { 43 + url = "https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe.patch"; 44 + sha256 = "1lx6yxykx24mnq5izijqk744zj6rgww6ba76z0qjal4y0z3gsdqp"; 45 + }) 41 46 ]; 42 47 43 48 postPatch = ''