[Pkg-privacy-maintainers] Bug#858058: mat: "Clean metadata" contextual menu silently fails

sajolida sajolida at pimienta.org
Fri Mar 17 20:16:46 UTC 2017 

Package: mat
Version: 0.6.1-3
Severity: important

Hi,

I found this bug while working the upcoming version of Tails based on
Stretch but I could also reproduce it in Debian Stretch. MAT can be used
through 2 different paths from the standalone GUI or from the contextual
menu in Nautilus. This bug affects the contextual menu in Nautilus.

Steps to reproduce in GNOME:

* Open MAT.
* Press the *PrintScreen* key to take a screenshot.
* Navigate to ~/Pictures.
* Drag and drop the screenshot in MAT.
* The screenshot is marked as **Dirty** in MAT (as expected) as the
  metadata of the file include "Software: gnome-screenshot".
* Right-click on the screenshot in Nautilus and choose **Clean metadata**.
* Result: I got no feedback (while in previous version a backup copy was
  created which provided visual feedback about the success of the
  operation).
* Drag and drop again the screen in MAT.
* The screenshot is still marked as **Dirty** in MAT and still has the
  "Software: gnome-screenshot". That's the bug.
* Click on the screenshot in MAT to select it. Click on the **Clean**
  button and the screenshot gets marked as **Clean** (as expected).

I'm flagging this as "important" for the time being but I think that
it's a serious security issue since people might got use to clean
metadata from backup file in comparison with the version in Jessie. So,
in my opinion, and if I understood correctly, this renders MAT useless
for probably most of its actual uses.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: 1489780924 WARNING torsocks[11141]: [syscall] Unsupported syscall number 217. Denying the call (in tsocks_syscall() at syscall.c:488)
amd64 (x86_64)
Foreign Architectures: 1489780924 WARNING torsocks[11143]: [syscall] Unsupported syscall number 217. Denying the call (in tsocks_syscall() at syscall.c:488)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=1489780924 WARNING torsocks[11097]: [syscall] Unsupported syscall number 217. Denying the call (in tsocks_syscall() at syscall.c:488)
UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mat depends on:
ii  gir1.2-poppler-0.18  0.48.0-2
ii  python-gi            3.22.0-2
ii  python-mutagen       1.36-1
ii  python-pdfrw         0.2-3
pn  python:any           <none>

Versions of packages mat recommends:
ii  gir1.2-gdkpixbuf-2.0    2.36.5-2
ii  gir1.2-glib-2.0         1.50.0-1+b1
ii  gir1.2-gtk-3.0          3.22.8-1
ii  gir1.2-nautilus-3.0     3.22.2-1
ii  libimage-exiftool-perl  10.40-1
ii  python-gi-cairo         3.22.0-2
ii  python-nautilus         1.1-4

mat suggests no packages.

-- debconf information:
1489780765 WARNING torsocks[11028]: [syscall] Unsupported syscall number 217. Denying the call (in tsocks_syscall() at syscall.c:488)

More information about the Pkg-privacy-maintainers mailing list