glib: file permission vulnerability (CVE-2019-12450)
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1
does not properly restrict file
permissions while a copy operation is in progress. Instead, default
permissions are used.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12450
Patch:
https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
(from redmine: issue id 10574, created on 2019-06-14, closed on 2019-06-20)
- Relations:
- child #10575 (closed)
- child #10576 (closed)
- child #10577 (closed)
- child #10578 (closed)