Bug#515078: nautilus: vulnerable to desktop file malware

Laurent Bonnaud Laurent.Bonnaud at inpg.fr
Fri Feb 13 09:52:14 UTC 2009

Package: nautilus
Version: 2.24.2-2
Justification: user security hole
Severity: grave
Tags: security


while this bug has been fixed in previous nautilus versions (see bugs
#408948 and #408556), it is present in the nautilus version in
experimental.  Will this version be uploaded to sid after the release of

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages nautilus depends on:
ii  desktop-file-utils         0.15-1        Utilities for .desktop files
ii  gnome-control-center       1:  utilities to configure the GNOME d
ii  gvfs                       1.0.3-1       userspace virtual filesystem - ser
ii  libatk1.0-0                1.24.0-1      The ATK accessibility toolkit
ii  libbeagle1                 0.3.5-2       library for accessing beagle using
ii  libbonobo2-0               2.24.0-1      Bonobo CORBA interfaces library
ii  libc6                      2.9-0exp2     GNU C Library: Shared libraries
ii  libcairo2                  1.8.6-1       The Cairo 2D vector graphics libra
ii  libeel2-2.24               2.24.1-1      Eazel Extensions Library (for GNOM
ii  libexempi3                 2.1.0-2       library to parse XMP metadata (Lib
ii  libexif12                  0.6.16-2.1    library to parse EXIF files
ii  libgail-common             2.14.7-1      GNOME Accessibility Implementation
ii  libgail18                  2.14.7-1      GNOME Accessibility Implementation
ii  libgconf2-4                2.24.0-5      GNOME configuration database syste
ii  libglade2-0                1:2.6.3-1     library to load .glade files at ru
ii  libglib2.0-0               2.18.4-1      The GLib library of C routines
ii  libgnome-desktop-2-7       2.24.2-1      Utility library for loading .deskt
ii  libgnome2-0                2.24.1-1      The GNOME 2 library - runtime file
ii  libgnomecanvas2-0    A powerful object-oriented display
ii  libgnomeui-0               2.24.0-1      The GNOME 2 libraries (User Interf
ii  libgtk2.0-0                2.14.7-1      The GTK+ graphical user interface
ii  libnautilus-extension1     2.24.2-2      libraries for nautilus components
ii  liborbit2                  1:2.14.16-0.1 libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0              1.22.4-1      Layout and rendering of internatio
ii  librsvg2-2                 2.22.3-1      SAX-based renderer library for SVG
ii  libselinux1                2.0.65-5      SELinux shared libraries
ii  libstartup-notification0   0.9-1         library for program launch feedbac
ii  libtrackerclient0          0.6.90-1      metadata database, indexer and sea
ii  libx11-6                   2:  X11 client-side library
ii  libxml2                    2.6.32.dfsg-5 GNOME XML library
ii  nautilus-data              2.24.2-2      data files for nautilus
ii  shared-mime-info           0.51-1        FreeDesktop.org shared MIME databa

Laurent Bonnaud.

More information about the pkg-gnome-maintainers mailing list