{"id":"CVE-2019-13229","details":"deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.","modified":"2026-04-11T12:42:25.149582Z","published":"2019-07-04T12:15:10.673Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCHGRJV5CWTMYEE5B5C2FNMCFVP45S7H/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/07/04/1"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1130388"},{"type":"FIX","url":"https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/linuxdeepin/deepin-clone","events":[{"introduced":"0"},{"fixed":"e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.1.3"}]}},{"type":"GIT","repo":"https://github.com/martyr-deepin/deepin-clone","events":[{"introduced":"0"},{"fixed":"e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab"}]}],"versions":["0.0.1","0.0.2","0.0.3","0.0.4","0.0.5","0.0.5.1","0.0.6","0.0.7","0.0.7.1","0.0.8","0.0.8.1","0.0.8.2","0.0.8.3","0.0.8.4","0.0.8.5","0.0.9","0.1.0","0.1.1","0.1.2","1.1.0","1.1.1","1.1.2","1.1.2.1"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"app/src/corelib/ddevicediskinfo.cpp"},"source":"https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-052a1e51","digest":{"threshold":0.9,"line_hashes":["324363659789247176069352626471038849076","182187092244263681320822910085326308734","172543767542843172380504294006296039083","266436126093247388408246011968455259512","48002355643099683936159613585372781730","217210226020753186543389213980821076458"]}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"file":"app/src/main.cpp","function":"main"},"source":"https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-0ea8271f","digest":{"function_hash":"113563948601623775091994925457347850496","length":5262}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"app/src/corelib/helper.h"},"source":"https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-10a194cd","digest":{"threshold":0.9,"line_hashes":["73211461248026863421626167981980895695","4466010122219878740845082028969158904","9156597926303972806743309778298674621"]}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"file":"app/src/corelib/helper.cpp","function":"Helper::getPartitionSizeInfo"},"source":"https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-1c2b7ef4","digest":{"function_hash":"252563795239347951469147610591389157525","length":2721}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"file":"app/src/corelib/helper.cpp","function":"Helper::temporaryMountDevice"},"source":"https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-2619044d","digest":{"function_hash":"15114990063950498979010082607885604993","length":715}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"app/src/fixboot/bootdoctor.cpp"},"source":"https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-29107175","digest":{"threshold":0.9,"line_hashes":["62791092068982009360708951756407158019","183656613279236439411046807009905886941","156882658786362086991523233056356618644","192281343816030771018560832689346276348","184585851938587393543751868085973308293"]}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"app/src/main.cpp"},"source":"https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-326c960c","digest":{"threshold":0.9,"line_hashes":["58264006821500031156106701592342553815","103938867238767200280192958584417589954","172366182685669957712578976268734425999","308269815039287284986994750527323314095","102255409522555953468421437115475193332","194190622566688223043749150494675717970","300223336700056411171180316392015238634","45209363262191569559167691881851339042","50368863285329939229768157340002832949","22916161165584685129666313370741910864","136471237446649993883938372850913848643","239967882650600827702346189270172629001","77143623736570513858456326751685898567","79094150988835526094010809817994885981","168551283402309239636945602582763034847","273145873841070949625564049033054353932","26590347001226687252240230793084236889","76417755425948067877209086338907040831","180080363487796562253453501927238441739","214379789846089921371141965617501070517","75407180318704451699303769443305508093","107515924067177073179555495791575344681","99521949033218398506077052531707715275","334481101730258788022912403254789715770","213900814101210555089531401897730498386","47472184887931405410206004603966111469"]}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"app/src/corelib/helper.cpp"},"source":"https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-3b75f8d0","digest":{"threshold":0.9,"line_hashes":["297493941717721491120353739802702694378","70663712124648028788775084082602127773","85915241062483032978909714211164534520","95727840979590646384826573652163520682","158494060859160071111546718480802766467","44026927524306943319463477520998127922","202445875717026759860022253414285575446","28710741109670800836779551038406405714","274459582798055139454775133966231040261","137762565925767635282689544041667052153","132283219185783715285941624257154906221","302653461098447736719831988179108189639"]}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"app/src/fixboot/bootdoctor.cpp"},"source":"https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-498f89e8","digest":{"threshold":0.9,"line_hashes":["62791092068982009360708951756407158019","183656613279236439411046807009905886941","156882658786362086991523233056356618644","192281343816030771018560832689346276348","184585851938587393543751868085973308293"]}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"file":"app/src/corelib/ddevicediskinfo.cpp","function":"DDeviceDiskInfoPrivate::openDataStream"},"source":"https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-4f9bf2b7","digest":{"function_hash":"28849812168971268904174299514783830592","length":3623}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"file":"app/src/main.cpp","function":"main"},"source":"https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-5e8038a4","digest":{"function_hash":"113563948601623775091994925457347850496","length":5262}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"app/src/main.cpp"},"source":"https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-68550ce5","digest":{"threshold":0.9,"line_hashes":["58264006821500031156106701592342553815","103938867238767200280192958584417589954","172366182685669957712578976268734425999","308269815039287284986994750527323314095","102255409522555953468421437115475193332","194190622566688223043749150494675717970","300223336700056411171180316392015238634","45209363262191569559167691881851339042","50368863285329939229768157340002832949","22916161165584685129666313370741910864","136471237446649993883938372850913848643","239967882650600827702346189270172629001","77143623736570513858456326751685898567","79094150988835526094010809817994885981","168551283402309239636945602582763034847","273145873841070949625564049033054353932","26590347001226687252240230793084236889","76417755425948067877209086338907040831","180080363487796562253453501927238441739","214379789846089921371141965617501070517","75407180318704451699303769443305508093","107515924067177073179555495791575344681","99521949033218398506077052531707715275","334481101730258788022912403254789715770","213900814101210555089531401897730498386","47472184887931405410206004603966111469"]}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"app/src/corelib/helper.cpp"},"source":"https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-6b782acd","digest":{"threshold":0.9,"line_hashes":["297493941717721491120353739802702694378","70663712124648028788775084082602127773","85915241062483032978909714211164534520","95727840979590646384826573652163520682","158494060859160071111546718480802766467","44026927524306943319463477520998127922","202445875717026759860022253414285575446","28710741109670800836779551038406405714","274459582798055139454775133966231040261","137762565925767635282689544041667052153","132283219185783715285941624257154906221","302653461098447736719831988179108189639"]}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"file":"app/src/corelib/helper.cpp","function":"Helper::temporaryMountDevice"},"source":"https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-6c0b5692","digest":{"function_hash":"15114990063950498979010082607885604993","length":715}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"file":"app/src/fixboot/bootdoctor.cpp","function":"BootDoctor::fix"},"source":"https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-7b449974","digest":{"function_hash":"336834746435690710190750556304552413246","length":6578}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"app/src/corelib/ddevicediskinfo.cpp"},"source":"https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-9d49d7d2","digest":{"threshold":0.9,"line_hashes":["324363659789247176069352626471038849076","182187092244263681320822910085326308734","172543767542843172380504294006296039083","266436126093247388408246011968455259512","48002355643099683936159613585372781730","217210226020753186543389213980821076458"]}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"file":"app/src/fixboot/bootdoctor.cpp","function":"BootDoctor::fix"},"source":"https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-cb8b1423","digest":{"function_hash":"336834746435690710190750556304552413246","length":6578}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"file":"app/src/corelib/ddevicediskinfo.cpp","function":"DDeviceDiskInfoPrivate::openDataStream"},"source":"https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-dbda8c1c","digest":{"function_hash":"28849812168971268904174299514783830592","length":3623}},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"app/src/corelib/helper.h"},"source":"https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-e1d4f7a3","digest":{"threshold":0.9,"line_hashes":["73211461248026863421626167981980895695","4466010122219878740845082028969158904","9156597926303972806743309778298674621"]}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"file":"app/src/corelib/helper.cpp","function":"Helper::getPartitionSizeInfo"},"source":"https://github.com/martyr-deepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab","id":"CVE-2019-13229-e2813487","digest":{"function_hash":"252563795239347951469147610591389157525","length":2721}}],"vanir_signatures_modified":"2026-04-11T12:42:25Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13229.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}