Upstream committed a fix in January for a crash in gvfsd-dav: https://bugzilla.gnome.org/show_bug.cgi?id=743298 A CVE was requested for this: http://openwall.com/lists/oss-security/2015/10/06/3 The fix was already in Cauldron. Patched package uploaded for Mageia 5. Advisory: ---------------------------------------- Applications using gvfs to browse remote WebDAV file shares could crash if the share contained filenames which gvfs mistook as URL-encoded (bgo#743298). References: https://bugzilla.gnome.org/show_bug.cgi?id=743298 ---------------------------------------- Updates packages in core/updates_testing: ---------------------------------------- gvfs-1.22.3-2.1.mga5 gvfs-devel-1.22.3-2.1.mga5 gvfs-fuse-1.22.3-2.1.mga5 gvfs-smb-1.22.3-2.1.mga5 gvfs-archive-1.22.3-2.1.mga5 gvfs-gphoto2-1.22.3-2.1.mga5 gvfs-iphone-1.22.3-2.1.mga5 gvfs-mtp-1.22.3-2.1.mga5 gvfs-goa-1.22.3-2.1.mga5 from gvfs-1.22.3-2.1.mga5.src.rpm Reproducible: Steps to Reproduce:
CC: (none) => olav
CC: (none) => davidwhodginsWhiteboard: (none) => advisory
I haven't tested any functionality, but I verified that they upgrade cleanly.
Mag5 x64 Same as Comment 1, perhaps even less. I installed all the gvs packages cited (except dev) from issued repos, version 1.22.3-2. Nothing resulted, and I could not make anything happen: no daemon running, nor startable by normal means. # systemctl start gvfsd [or gvsd or gvs] Failed to start gvfsd.service: Unit gvfsd.service failed to load: No such file or directory. # gvsd [or gvs] bash: gvsd: command not found Updated all pkgs from Updates Testing to version 1.22.3-2.1 . Nothing untoward happened, so like David: they upgrade cleanly. Discussion of this update suggested that this may have to suffice to OK it. I hesitate to do so in the hope that something better can be tried. If not - OK.
CC: (none) => lewyssmith
Whiteboard: advisory => MGA5-32-OK MGA5-64-OK advisory
Validating this update
Keywords: (none) => validated_updateCC: (none) => wilcal.int, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGAA-2015-0160.html
Status: NEW => RESOLVEDResolution: (none) => FIXED