Bug#860268: .desktop files can hide malware in Nautilus
Phil Wyett
philwyett at kathenas.org
Fri Sep 1 23:14:38 UTC 2017
On Fri, 2017-09-01 at 21:53 +0200, intrigeri wrote:
> Hi!
>
> Micah Lee:
> > The upstream nautilus issue [1] has already been resolved, and will be
> > released in nautilus 3.24. But since this is an important security
> > issue, I think this patch should be backported so that it's fixed in
> > older versions of Debian.
>
> Thanks for raising this issue in Debian!
>
> Is there any plan upstream to backport this fix to their 3.22.x
> branch, and/or to request a CVE?
>
> Did you personally check whether it's straightforward to backport the
> fix to 3.22?
>
> Cheers,
Hi,
Seeing this bug. I have backported from the upstream patch (hash issue with
upstream diff) for testing purposes and all looks good. If anyone wishes to
test, a debdiff is attached.
The debdiff is prepared with a 'stretch-pu' in mind.
If any edits are required, please do not hesitate to let me know.
Regards
Phil
--
*** If this is a mailing list, I am subscribed, no need to CC me.***
Playing the game for the games sake.
Web: https://kathenas.org
Twitter: kathenasorg
Instagram: kathenasorg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nautilus_3.22.3-1_to_nautilus_3.22.3-1.1.debdiff
Type: text/x-patch
Size: 17612 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20170902/5b110cab/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20170902/5b110cab/attachment-0001.sig>
More information about the pkg-gnome-maintainers
mailing list