Bug#515078: marked as done (nautilus: vulnerable to desktop file malware)

Fri, 24 Apr 2009 18:19:20 -0700 

Your message dated Sat, 25 Apr 2009 00:47:07 +0000
with message-id <e1lxw2t-0002dv...@ries.debian.org>
and subject line Bug#515078: fixed in nautilus 2.26.2-1
has caused the Debian Bug report #515078,
regarding nautilus: vulnerable to desktop file malware
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
515078: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515078
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: nautilus
Version: 2.24.2-2
Justification: user security hole
Severity: grave
Tags: security


Hi,

while this bug has been fixed in previous nautilus versions (see bugs
#408948 and #408556), it is present in the nautilus version in
experimental.  Will this version be uploaded to sid after the release of
lenny?


-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages nautilus depends on:
ii  desktop-file-utils         0.15-1        Utilities for .desktop files
ii  gnome-control-center       1:2.24.0.1-1  utilities to configure the GNOME d
ii  gvfs                       1.0.3-1       userspace virtual filesystem - ser
ii  libatk1.0-0                1.24.0-1      The ATK accessibility toolkit
ii  libbeagle1                 0.3.5-2       library for accessing beagle using
ii  libbonobo2-0               2.24.0-1      Bonobo CORBA interfaces library
ii  libc6                      2.9-0exp2     GNU C Library: Shared libraries
ii  libcairo2                  1.8.6-1       The Cairo 2D vector graphics libra
ii  libeel2-2.24               2.24.1-1      Eazel Extensions Library (for GNOM
ii  libexempi3                 2.1.0-2       library to parse XMP metadata (Lib
ii  libexif12                  0.6.16-2.1    library to parse EXIF files
ii  libgail-common             2.14.7-1      GNOME Accessibility Implementation
ii  libgail18                  2.14.7-1      GNOME Accessibility Implementation
ii  libgconf2-4                2.24.0-5      GNOME configuration database syste
ii  libglade2-0                1:2.6.3-1     library to load .glade files at ru
ii  libglib2.0-0               2.18.4-1      The GLib library of C routines
ii  libgnome-desktop-2-7       2.24.2-1      Utility library for loading .deskt
ii  libgnome2-0                2.24.1-1      The GNOME 2 library - runtime file
ii  libgnomecanvas2-0          2.20.1.1-1    A powerful object-oriented display
ii  libgnomeui-0               2.24.0-1      The GNOME 2 libraries (User Interf
ii  libgtk2.0-0                2.14.7-1      The GTK+ graphical user interface
ii  libnautilus-extension1     2.24.2-2      libraries for nautilus components
ii  liborbit2                  1:2.14.16-0.1 libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0              1.22.4-1      Layout and rendering of internatio
ii  librsvg2-2                 2.22.3-1      SAX-based renderer library for SVG
ii  libselinux1                2.0.65-5      SELinux shared libraries
ii  libstartup-notification0   0.9-1         library for program launch feedbac
ii  libtrackerclient0          0.6.90-1      metadata database, indexer and sea
ii  libx11-6                   2:1.1.99.2-1  X11 client-side library
ii  libxml2                    2.6.32.dfsg-5 GNOME XML library
ii  nautilus-data              2.24.2-2      data files for nautilus
ii  shared-mime-info           0.51-1        FreeDesktop.org shared MIME databa

-- 
Laurent Bonnaud.
http://www.lis.inpg.fr/pages_perso/bonnaud/

--- End Message ---
--- Begin Message --- 
Source: nautilus
Source-Version: 2.26.2-1

We believe that the bug you reported is fixed in the latest version of
nautilus, which is due to be installed in the Debian FTP archive:

libnautilus-extension-dev_2.26.2-1_amd64.deb
  to pool/main/n/nautilus/libnautilus-extension-dev_2.26.2-1_amd64.deb
libnautilus-extension1_2.26.2-1_amd64.deb
  to pool/main/n/nautilus/libnautilus-extension1_2.26.2-1_amd64.deb
nautilus-data_2.26.2-1_all.deb
  to pool/main/n/nautilus/nautilus-data_2.26.2-1_all.deb
nautilus-dbg_2.26.2-1_amd64.deb
  to pool/main/n/nautilus/nautilus-dbg_2.26.2-1_amd64.deb
nautilus_2.26.2-1.diff.gz
  to pool/main/n/nautilus/nautilus_2.26.2-1.diff.gz
nautilus_2.26.2-1.dsc
  to pool/main/n/nautilus/nautilus_2.26.2-1.dsc
nautilus_2.26.2-1_amd64.deb
  to pool/main/n/nautilus/nautilus_2.26.2-1_amd64.deb
nautilus_2.26.2.orig.tar.gz
  to pool/main/n/nautilus/nautilus_2.26.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 515...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Josselin Mouette <j...@debian.org> (supplier of updated nautilus package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 25 Apr 2009 01:33:51 +0200
Source: nautilus
Binary: nautilus nautilus-dbg libnautilus-extension1 libnautilus-extension-dev 
nautilus-data
Architecture: source all amd64
Version: 2.26.2-1
Distribution: unstable
Urgency: low
Maintainer: Josselin Mouette <j...@debian.org>
Changed-By: Josselin Mouette <j...@debian.org>
Description: 
 libnautilus-extension-dev - libraries for nautilus components - development 
version
 libnautilus-extension1 - libraries for nautilus components - runtime version
 nautilus   - file manager and graphical shell for GNOME
 nautilus-data - data files for nautilus
 nautilus-dbg - file manager and graphical shell for GNOME - debugging version
Closes: 422570 469267 512824 515078 515104 518773
Changes: 
 nautilus (2.26.2-1) unstable; urgency=low
 .
   * Break eiciel, diff-ext, nautilus-gksu, nautilus-actions,
     nautilus-share and seahorse-plugins until versions rebuilt with the
     new extension path.
   * Only suggest xdg-user-dirs, nautilus works perfectly fine without
     it.
   * New upstream release.
     + Correctly cleans up session files. Closes: #469267.
     + Checks whether the session is active with ConsoleKit before
       mounting a removable media. Closes: #512824.
     + Follows OnlyShowIn/NotShowIn for .desktop files on the desktop.
       Closes: #422570.
     + Only accepts .desktop with executable permissions.
       Closes: #515078, #515104.
   * 07_desktop_file_activation.patch: removed from the sources.
   * 02_eel_libadd.patch: stolen from the eel2 sources. Fix linking of
     the eel convenience library.
   * 14_sidebar_network-protocol.patch: removed, useless since 2.24.
     Closes: #518773.
   * 20_open-with_install.patch: updated for the new version.
   * 90_relibtoolize.patch: new patch, relibtoolize over that.
   * Refresh other patches.
   * Bump shlibs version to 2.26.2.
   * Add brasero 2.26 as an alternative to n-c-b.
   * Recommend consolekit.
   * Pass --disable-packagekit.
   * Fix section of debug package.
   * Update build-dependencies and dependencies according to the upstream
     changes.
   * Build-depend on libglib2.0-doc and libgtk2.0-doc to ensure proper
     xrefs.
   * nautilus-data.install: there are no more bonobo files to ship.
   * 10_load_session.patch: new patch. Support --load-session so that
     sessions saved with older nautilus versions will load correctly.
Checksums-Sha1: 
 e0e96becadff9f8bb6aa063c5f46630a50d40529 1966 nautilus_2.26.2-1.dsc
 f5f621d2eb401bdf91b0e00b9676a6687ac0548c 8697871 nautilus_2.26.2.orig.tar.gz
 83df5f0fa93f25ce27c2a3db56b84f696f7cdaf5 543104 nautilus_2.26.2-1.diff.gz
 7bd9dfc9e0c4b0cef5a9042aac4ac3317ba48e8c 5100846 nautilus-data_2.26.2-1_all.deb
 d0b7dea53078a69032b88a58d44a1998c715c897 1460998 nautilus_2.26.2-1_amd64.deb
 e31470f7ceca5cddc5bf35e9c821e132e808671c 3460670 
nautilus-dbg_2.26.2-1_amd64.deb
 71467023ce3c0662efc5b3c6497afedf1736df31 187948 
libnautilus-extension1_2.26.2-1_amd64.deb
 6dc053ac2d07ba578d57931133fb3a58ca2dea02 204094 
libnautilus-extension-dev_2.26.2-1_amd64.deb
Checksums-Sha256: 
 8613dfc9bc894182e1fc2b55dad67c75638eafb19a68208c657c226854193f5d 1966 
nautilus_2.26.2-1.dsc
 451bc0514d3d184c22d20675bc3639e897042aae3fe126ba305bb50e7a413aed 8697871 
nautilus_2.26.2.orig.tar.gz
 5238c3df282116a7043b124daec226d0218a4384b6aa0bad32e8fcc295ef7d7f 543104 
nautilus_2.26.2-1.diff.gz
 78e1e6955118da0260e763b15860fbf389efa31dfbd990316e26b21597800cbe 5100846 
nautilus-data_2.26.2-1_all.deb
 0d1e03e7675b61fcff08bd88f550480a0c0974375501f5edfdfbaa380d3ee343 1460998 
nautilus_2.26.2-1_amd64.deb
 e34ca1c8a84f74418771af206e5a96de68458c7b29c55603c99bca073bd5a8e8 3460670 
nautilus-dbg_2.26.2-1_amd64.deb
 d5cc17fdca1787e4fe79be79b69d86492267d0edb6039fd7d1faeaec72c62c99 187948 
libnautilus-extension1_2.26.2-1_amd64.deb
 e6f96bd02f3331526dad299d521ced60a6cd2c953a857ecaa80854bdd146c8bb 204094 
libnautilus-extension-dev_2.26.2-1_amd64.deb
Files: 
 42e1fbd0d025f25fab700a01fae59ca1 1966 gnome optional nautilus_2.26.2-1.dsc
 312405da22ccf0c3501eed2feed615c1 8697871 gnome optional 
nautilus_2.26.2.orig.tar.gz
 6886637df08514942e79eacff2f3350f 543104 gnome optional 
nautilus_2.26.2-1.diff.gz
 03aee77156a59a828f844d17fb1745b3 5100846 gnome optional 
nautilus-data_2.26.2-1_all.deb
 d6bb3b47e2158053dbc8f53f971fb2a8 1460998 gnome optional 
nautilus_2.26.2-1_amd64.deb
 3eeb7b05c10b74107b9baa330f41ec63 3460670 debug extra 
nautilus-dbg_2.26.2-1_amd64.deb
 d4a14ba565d9277ea2ec0287d598c810 187948 libs optional 
libnautilus-extension1_2.26.2-1_amd64.deb
 94ba23be35a6f64629e9db09a502f210 204094 libdevel optional 
libnautilus-extension-dev_2.26.2-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ8lu5rSla4ddfhTMRAu2qAJ9HAXyDAHyq3jESEB8l4zxdRPTEDQCfUkni
5tvjT7hLk3/ya63Zah6qtHI=
=MB2q
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to