File _patchinfo of Package patchinfo.11406

<patchinfo incident="11406">
  <issue tracker="bnc" id="1137930">VUL-1: CVE-2019-12795: gvfs: attack via local D-Bus method calls</issue>
  <issue tracker="bnc" id="1136986">VUL-0: CVE-2019-12447: gvfs: mishandling of in file ownership in daemon/gvfsbackendadmin.c due to no use of setfsuid</issue>
  <issue tracker="bnc" id="1136992">VUL-0: CVE-2019-12449: gvfs: mishandling of file's user and group ownership  in daemon/gvfsbackendadmin.c due to unavailability of root privileges</issue>
  <issue tracker="bnc" id="1136981">VUL-0: CVE-2019-12448: gvfs: race conditions in daemon/gvfsbackendadmin.c due to implementation of query_info_on_read/write at admin backend</issue>
  <issue tracker="bnc" id="1125433">gvfs: removal of /usr/share/polkit-1/rules.d/org.gtk.vfs.file-operations.rules</issue> 
  <issue tracker="cve" id="2019-12795"/>
  <issue tracker="cve" id="2019-12447"/>
  <issue tracker="cve" id="2019-12448"/>
  <issue tracker="cve" id="2019-12449"/>
  <category>security</category>
  <rating>important</rating>
  <packager>mgorse</packager>
  <description>This update for gvfs fixes the following issues:

Security issues fixed:    
   
- CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local 
  D-Bus method calls (bsc#1137930).
- CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c 
  due to no use of setfsuid (bsc#1136986).    
- CVE-2019-12449: Fixed an improper handling of file's user and group ownership  
  in daemon/gvfsbackendadmin.c (bsc#1136992).
- CVE-2019-12448: Fixed race conditions in daemon/gvfsbackendadmin.c due to implementation 
  of query_info_on_read/write at admin backend (bsc#1136981).

Other issue addressed: 
    
- Drop polkit rules files that are only relevant for wheel group (bsc#1125433).
</description>
  <summary>Security update for gvfs</summary>
</patchinfo>