oss-sec mailing list archives

CVE Request: gvfsd-dav


From: Seth Arnold <seth.arnold () canonical com>
Date: Mon, 5 Oct 2015 21:10:41 -0700

Hello MITRE, all,

Paulo Matias and Gustavo Nunes Pereira reported an issue with gvfsd-dav to
the Ubuntu bugtracker:
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1502912

This appears to be an independent rediscovery of an issue already known to
the GNOME project: https://bugzilla.gnome.org/show_bug.cgi?id=743298
which was reported by Gabor Kelemen.

The gvfsd-dav code appears to unescape some pathnames from a file
server that do not need to be unescaped and crashes when the input is
malformed. The upstream fix is (for master, gnome-3-14, gnome-3-12):

https://git.gnome.org/browse/gvfs/commit/?id=f81ff2108ab3b6e370f20dcadd8708d23f499184
https://git.gnome.org/browse/gvfs/commit/?id=abc69427fc9985f6bc1ebe9a14d645f4805deca4
https://git.gnome.org/browse/gvfs/commit/?id=0abdd97989d5274d84017490aff3bf07a71fd672

Please assign a CVE.

Thanks
