Bug#860268: .desktop files can hide malware in Nautilus

Jeremy Bicha jbicha at debian.org
Wed Sep 13 12:55:48 UTC 2017


On Thu, Sep 7, 2017 at 9:34 AM, Donncha O'Cearbhaill <donncha at donncha.is> wrote:
> The upstream developer has now indicated that they will not be
> backporting the fix to 3.22.x. They have a policy of not backporting
> fixes which involve UI changes in stable branches.
>
> Will Debian backport this issue themselves? I have requested a CVE which
> I hope will help other distros to coordinate their fixes.

It's not just a UI change but a translatable string change. The new
dialog that users will have to use to mark .desktop's as trusted will
be untranslated.

Therefore, if you want this feature, you will need to use Nautilus >=
3.24 which means you will need to upgrade to buster.

Thanks,
Jeremy Bicha


