[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Please test nautilus in unstable


after some security issues were recently rediscovered in nautilus, I
have uploaded a new version to unstable, which slightly modifies the
handling of some .desktop files. Basically, it considers that any file
that is either:
      * located on a non-file:// location,
      * belonging to another user (except for root),
      * located on /mnt or /media,
cannot legitimately contain an application shortcut and, in the case it
does, will treat it as a simple text file.

This does not affect files that are merely shortcuts shortcuts; the
worst abuse I could think of such files would be a fake document that
would bring a link to a malicious website or to a malicious document, so
it isn't less secure than firing up an application on the untrusted
document itself.

The changes were kept as small as possible, but they are a bit
intrusive, so if you find any regression in the handling of
legitimate .desktop files, please file a bug before we ask for this
version to migrate to etch.

: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.

Attachment: signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=

Reply to: