Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/gvfs@1.50.3-1
purl pkg:deb/debian/gvfs@1.50.3-1
Next non-vulnerable version 1.50.3-1+deb12u1
Latest non-vulnerable version 1.57.2-2+deb13u1
Risk 1.9
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-n7zf-vpph-nygr
Aliases:
CVE-2026-28295
gvfs: GVfs FTP backend: Information disclosure via untrusted PASV responses
1.50.3-1+deb12u1
Affected by 0 other vulnerabilities.
1.57.2-2+deb13u1
Affected by 0 other vulnerabilities.
VCID-yxx6-d283-a7cu
Aliases:
CVE-2026-28296
gvfs: FTP GVfs backend: Arbitrary FTP command injection via CRLF sequences in file paths
1.50.3-1+deb12u1
Affected by 0 other vulnerabilities.
1.57.2-2+deb13u1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-n7zf-vpph-nygr gvfs: GVfs FTP backend: Information disclosure via untrusted PASV responses CVE-2026-28295
VCID-yxx6-d283-a7cu gvfs: FTP GVfs backend: Arbitrary FTP command injection via CRLF sequences in file paths CVE-2026-28296

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T09:09:53.041994+00:00 Debian Importer Affected by VCID-n7zf-vpph-nygr https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:46:00.635219+00:00 Debian Importer Affected by VCID-yxx6-d283-a7cu https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-15T23:27:50.551857+00:00 Debian Oval Importer Fixing VCID-yxx6-d283-a7cu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:33:17.156448+00:00 Debian Oval Importer Fixing VCID-n7zf-vpph-nygr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-11T23:03:11.988734+00:00 Debian Oval Importer Fixing VCID-yxx6-d283-a7cu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:08:06.947390+00:00 Debian Importer Affected by VCID-n7zf-vpph-nygr https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:53:21.259042+00:00 Debian Importer Affected by VCID-yxx6-d283-a7cu https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:19:37.419489+00:00 Debian Oval Importer Fixing VCID-n7zf-vpph-nygr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T22:37:05.041756+00:00 Debian Oval Importer Fixing VCID-yxx6-d283-a7cu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:08:05.115473+00:00 Debian Oval Importer Fixing VCID-n7zf-vpph-nygr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-07T05:55:25.246841+00:00 Debian Importer Affected by VCID-yxx6-d283-a7cu https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-04T17:57:46.267686+00:00 Debian Importer Affected by VCID-n7zf-vpph-nygr https://security-tracker.debian.org/tracker/data/json 38.1.0