Hi,
after some security issues were recently rediscovered in nautilus, I
have uploaded a new version to unstable, which slightly modifies the
handling of some .desktop files. Basically, it considers that any file
that is either:
* located on a non-file:// location,
* belonging to another user (except for root),
* located on /mnt or /media,
cannot legitimately contain an application shortcut and, in the case it
does, will treat it as a simple text file.
This does not affect files that are merely shortcuts shortcuts; the
worst abuse I could think of such files would be a fake document that
would bring a link to a malicious website or to a malicious document, so
it isn't less secure than firing up an application on the untrusted
document itself.
The changes were kept as small as possible, but they are a bit
intrusive, so if you find any regression in the handling of
legitimate .desktop files, please file a bug before we ask for this
version to migrate to etch.
Cheers,
--
.''`.
: :' : We are debian.org. Lower your prices, surrender your code.
`. `' We will add your hardware and software distinctiveness to
`- our own. Resistance is futile.
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=