Bug#860268: .desktop files can hide malware in Nautilus
intrigeri
intrigeri at debian.org
Thu Sep 7 11:26:42 UTC 2017
Control: tag -1 + security
Donncha O'Cearbhaill:
> Thank you Phil for providing a backport patch. What is the next step
> needed to get this fix released as a backport? The .desktop security
> issue is widely know and can be exploited in the wild [1]. IMO this
> fixed should be made available as soon as possible.
IMO the next step is to find out the answer to "Is there any plan
upstream to backport this fix to their 3.22.x branch, and/or to
request a CVE?": if this problem is as severe as it sounds, then it
should be tracked as a security issue and fixed cross-distro, rather
than patched in only the distros that are lucky enough to have users
who care about such things.
More information about the pkg-gnome-maintainers
mailing list