[gvfs/gnome-3-30] Update NEWS for 1.38.3 release

From: Ondrej Holy <oholy src gnome org>
To: commits-list gnome org
Cc:
Subject: [gvfs/gnome-3-30] Update NEWS for 1.38.3 release
Date: Wed, 17 Jul 2019 09:56:39 +0000 (UTC)

commit e178d606bc67a717e71af2c67b1739e21b1b65ec
Author: Ondrej Holy <oholy redhat com>
Date:   Wed Jul 17 11:54:19 2019 +0200

    Update NEWS for 1.38.3 release

 NEWS | 10 ++++++++++
 1 file changed, 10 insertions(+)
---
diff --git a/NEWS b/NEWS
index 450ed620..55f696f2 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,13 @@
+Major changes in 1.38.3
+=======================
+* daemon: Only accept EXTERNAL authentication (CVE-2019-12795)
+* daemon: Check that the connecting client is the same user (CVE-2019-12795)
+* admin: Ensure correct ownership when moving to file:// uri (CVE-2019-12449)
+* admin: Use fsuid to ensure correct file ownership (CVE-2019-12447)
+* admin: Allow changing file owner (CVE-2019-12447)
+* admin: Add query_info_on_read/write functionality (CVE-2019-12448)
+* Translation updates
+
 Major changes in 1.38.2
 =======================
 * mtp: Don't retry reading an event after failure

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]