Bug#860268: .desktop files can hide malware in Nautilus

[Phil Wyett]

On Fri, 2017-09-22 at 17:19 -0400, Jeremy Bicha wrote:
> I asked on IRC about this so feel free to send the email, Phil or Donncha:
> 
> jbicha | carnil: are you going to sponsor #860268 as a security update?
> jmm_ | jbicha: yeah, we can fix that via security.debian.org, please
> send a mail to team at security.debian.org, only a few of us are on IRC
> 
> 
> Thanks,
> Jeremy Bicha

Hi Security Team,

Please accept the attached 'nautilus' debdiff for stretch-security.

Info:

The debdiff is a backport of the fix from upstream[1] and includes translations
for the UI changes.

[1]: https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a
8d3bb0

Related debian bug:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268

Related upstream bug:

https://bugzilla.gnome.org/show_bug.cgi?id=777991

Related CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14604

Debian security tracker:

https://security-tracker.debian.org/tracker/CVE-2017-14604

Regards

Phil

-- 
*** If this is a mailing list, I am subscribed, no need to CC me.***

Playing the game for the games sake.

Web: https://kathenas.org

GitLab: https://gitlab.com/kathenas

Twitter: kathenasorg

Instagram: kathenasorg

GPG: 1B97 6556 913F 73F3 9C9B 25C4 2961 D9B6 2017 A57A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nautilus_3.22.3-1_to_nautilus_3.22.3-1+deb9u1.debdiff
Type: text/x-patch
Size: 33070 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20170923/fe4f1ed8/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20170923/fe4f1ed8/attachment-0001.sig>