File CVE-2018-14036.patch of Package accountsservice.12774
diff --git a/src/user.c b/src/user.c
index 802d07a..ec66d73 100644
--- a/src/user.c
+++ b/src/user.c
@@ -1435,6 +1435,14 @@ user_change_icon_file_authorized_cb (Daemon *daemon,
}
file = g_file_new_for_path (filename);
+ g_clear_pointer (&filename, g_free);
+
+ /* Canonicalize path so we can call g_str_has_prefix on it
+ * below without concern for ../ path components moving outside
+ * the prefix
+ */
+ filename = g_file_get_path (file);
+
info = g_file_query_info (file, G_FILE_ATTRIBUTE_UNIX_MODE ","
G_FILE_ATTRIBUTE_STANDARD_TYPE ","
G_FILE_ATTRIBUTE_STANDARD_SIZE,