[Bug 613025] Re: Alacarte creates extra copies of existing desktop entries when viewing them
** Attachment added: Dependencies.txt http://launchpadlibrarian.net/52996792/Dependencies.txt -- Alacarte creates extra copies of existing desktop entries when viewing them https://bugs.launchpad.net/bugs/613025 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to alacarte in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 613025] [NEW] Alacarte creates extra copies of existing desktop entries when viewing them
Public bug reported: Binary package hint: alacarte Steps to reproduce: 1. Run alacarte by choosing System ▸ Preferences ▸ Main Menu. 2. Choose Applications ▸ Accessories in the Menus list on the left. 3. Choose Calculator and press Properties to find out how to run it from the command line. 4. Close the Launcher Properties window (you didn't mean to change anything). 5. Close alacarte. Actual results Examine the ~/.local/share/applications directory. Alacarte has just created a gcalctool.desktop file there. It is a copy of /usr/share/applications/gcalctool.desktop, the content is identical. Expected behavior Nothing should be created in ~/.local/share/applications unless the user makes some actual changes to the desktop entry. What's going to happen if after an upgrade the system-wide version of gcalctool.desktop is updated? The user will likely have the old one saved in her home directory! And she didn't choose to hold the desktop entry or make it exempt from upgrades somehow. The user just wanted to view it. Workaround After viewing an entry in alacarte, right-click it and choose Revert to Original in the context menu. Close alacarte. It will delete the corresponding .desktop file. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: alacarte 0.13.1-0ubuntu1 ProcVersionSignature: Ubuntu 2.6.32-24.38-generic 2.6.32.15+drm33.5 Uname: Linux 2.6.32-24-generic i686 Architecture: i386 Date: Tue Aug 3 20:30:31 2010 InstallationMedia: Ubuntu 10.04 LTS Lucid Lynx - Release i386 (20100429) PackageArchitecture: all ProcEnviron: PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: alacarte ** Affects: alacarte (Ubuntu) Importance: Undecided Status: New ** Tags: apport-bug i386 lucid -- Alacarte creates extra copies of existing desktop entries when viewing them https://bugs.launchpad.net/bugs/613025 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to alacarte in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 613025] Re: Alacarte creates extra copies of existing desktop entries when viewing them
** Bug watch added: GNOME Bug Tracker #564347 https://bugzilla.gnome.org/show_bug.cgi?id=564347 ** Also affects: alacarte via https://bugzilla.gnome.org/show_bug.cgi?id=564347 Importance: Unknown Status: Unknown -- Alacarte creates extra copies of existing desktop entries when viewing them https://bugs.launchpad.net/bugs/613025 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to alacarte in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 578701] Re: gnome-panel/clock-applet doesn't upgrade clock time
Thanks for reporting this bug! I experience a similar problem with my clock. I wonder if my issue is the same as yours. Could you please provide more information about your problem? When you move your mouse or press a key on the keyboard, does the clock unfreeze and start going again? Is the clock slow compared to some correct clock outside your computer? You mentioned you could briefly see the current time by adding another clock applet to the panel. Does that applet show the exact time at the moment when it is added? Open a terminal (Applications-Accessories-Terminal) and run a 'date' command. You can run it several times. Does it display the correct time? -- gnome-panel/clock-applet doesn't upgrade clock time https://bugs.launchpad.net/bugs/578701 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-panel in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 325261] Re: Gstreamer good plugins vulnerabilities
Adding CVE references: CVE-2009-0386, CVE-2009-0387, CVE-2009-0397, CVE-2009-0398 -- Gstreamer good plugins vulnerabilities https://bugs.launchpad.net/bugs/325261 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 325261] [NEW] Gstreamer good plugins vulnerabilities
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: gstreamer0.10-plugins-good CVE-2009-0386 Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file. CVE-2009-0387 Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to mark keyframes. CVE-2009-0397 Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file. CVE-2009-0398 Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file. Source: http://www.openwall.com/lists/oss-security/2009/02/03/2 NVD entries: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0386 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0387 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0397 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0398 ** Affects: gst-plugins-good0.10 (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0386 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0387 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0397 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0398 -- Gstreamer good plugins vulnerabilities https://bugs.launchpad.net/bugs/325261 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 322196] Re: Untrusted search path vulnerability in Python and multiple other programs
According to these links (provided by Jan Lieskovsky in the thread referenced above), Python 2.6 is affected as well. http://www.openwall.com/lists/oss-security/2009/01/28/5 https://bugzilla.redhat.com/show_bug.cgi?id=482814#c1 ** Description changed: - Binary package hint: python2.5 - - There's an interesting bug (or feature?) in Python 2.5 and earlier that + There's an interesting bug (or feature?) in Python 2.6 and earlier that affects multiple applications using Python. The bug allows local or user-assisted remote arbitrary code execution. Here is the description of the Python CVE: Untrusted search path vulnerability in the PySys_SetArgv API function in Python before 2.6 prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. + + (Python 2.6 is vulnerable, too. See the comments.) Affected packages are, at least: CVE-2008-4863 - Blender (already fixed in Ubuntu, I think) CVE-2008-5983 - Python CVE-2008-5984 - Dia CVE-2008-5985 - Epiphany CVE-2008-5986 - Csound CVE-2008-5987 - eog CVE-2009-0314 - gedit CVE-2009-0315 - xchat CVE-2009-0316 - vim CVE-2009-0317 - Nautilus CVE-2009-0318 - Gnumeric I'm not sure which versions of these packages and which Ubuntu releases are actually affected, though. Source and more information: oss-security thread at http://www.openwall.com/lists/oss-security/2009/01/28/2 -- Untrusted search path vulnerability in Python and multiple other programs https://bugs.launchpad.net/bugs/322196 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to eog in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 321460] Re: alacarte crashed with SIGSEGV in g_closure_invoke()
I failed to reproduce this crash on my Hardy, so there's little point in testing it on Intrepid. -- alacarte crashed with SIGSEGV in g_closure_invoke() https://bugs.launchpad.net/bugs/321460 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 322196] Re: Untrusted search path vulnerability in Python and multiple other programs
Adding CVE references: CVE-2008-5983, CVE-2008-5984, CVE-2008-5985, CVE-2008-5986, CVE-2008-5987, CVE-2009-0314, CVE-2009-0315, CVE-2009-0316, CVE-2009-0317, CVE-2009-0318 ** Also affects: python2.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: dia (Ubuntu) Importance: Undecided Status: New ** Also affects: epiphany (Ubuntu) Importance: Undecided Status: New ** Also affects: csound (Ubuntu) Importance: Undecided Status: New ** Also affects: eog (Ubuntu) Importance: Undecided Status: New ** Also affects: gedit (Ubuntu) Importance: Undecided Status: New ** Also affects: xchat (Ubuntu) Importance: Undecided Status: New ** Also affects: vim (Ubuntu) Importance: Undecided Status: New ** Also affects: nautilus (Ubuntu) Importance: Undecided Status: New ** Also affects: gnumeric (Ubuntu) Importance: Undecided Status: New -- Untrusted search path vulnerability in Python and multiple other programs https://bugs.launchpad.net/bugs/322196 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to eog in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 321460] [NEW] alacarte crashed with SIGSEGV in g_closure_invoke()
Public bug reported: Binary package hint: alacarte Here is a description of what happened. I'm using Ubuntu 8.04.2. I recently installed the Konqueror browser (package konqueror) that depends on a good number of KDE packages. When I looked at the Applications menu, there were lots of new KDE-related items under the Other submenu. I don't need them at all, so I opened the menu editor (alacarte) and started to remove the items from the Other category one by one, after examining their properties. It took several seconds to alacarte to apply each change when I was unchecking the entries. If I tried to uncheck another menu item while it was still processing the first, the second change did nothing. So when I had already done a dozen or two of those menu items, alacarte crashed. I think it was removing another menu item from the Other menu immediately before the crash. My machine is relatively slow nowadays, it's Pentium III 666 MHz. ProblemType: Crash Architecture: i386 Date: Mon Jan 26 20:01:19 2009 DistroRelease: Ubuntu 8.04 ExecutablePath: /usr/bin/alacarte InterpreterPath: /usr/bin/python2.5 Package: alacarte 0.11.5-0ubuntu1.1 PackageArchitecture: all ProcCmdline: /usr/bin/python -OOt /usr/bin/alacarte ProcEnviron: PATH=/home/username/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games LANG=en_US.UTF-8 SHELL=/bin/bash Signal: 11 SourcePackage: alacarte StacktraceTop: ?? () from /usr/lib/libgtk-x11-2.0.so.0 ?? () from /usr/lib/libgtk-x11-2.0.so.0 ?? () from /usr/lib/libgobject-2.0.so.0 g_closure_invoke () from /usr/lib/libgobject-2.0.so.0 ?? () from /usr/lib/libgobject-2.0.so.0 Title: alacarte crashed with SIGSEGV in g_closure_invoke() Uname: Linux 2.6.24-23-generic i686 UserGroups: adm admin audio cdrom floppy fuse lpadmin plugdev sambashare video ** Affects: alacarte (Ubuntu) Importance: Undecided Status: New ** Tags: apport-crash -- alacarte crashed with SIGSEGV in g_closure_invoke() https://bugs.launchpad.net/bugs/321460 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to alacarte in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 321460] Re: alacarte crashed with SIGSEGV in g_closure_invoke()
** Attachment added: CoreDump.gz http://launchpadlibrarian.net/21645113/CoreDump.gz ** Attachment added: Dependencies.txt http://launchpadlibrarian.net/21645115/Dependencies.txt ** Attachment added: Disassembly.txt http://launchpadlibrarian.net/21645116/Disassembly.txt ** Attachment added: ProcMaps.txt http://launchpadlibrarian.net/21645117/ProcMaps.txt ** Attachment added: ProcStatus.txt http://launchpadlibrarian.net/21645118/ProcStatus.txt ** Attachment added: Registers.txt http://launchpadlibrarian.net/21645119/Registers.txt ** Attachment added: Stacktrace.txt http://launchpadlibrarian.net/21645120/Stacktrace.txt ** Attachment added: ThreadStacktrace.txt http://launchpadlibrarian.net/21645121/ThreadStacktrace.txt -- alacarte crashed with SIGSEGV in g_closure_invoke() https://bugs.launchpad.net/bugs/321460 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to alacarte in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 275560] Re: Gnome Screensaver should optionally disable audio input and output
** Bug watch added: GNOME Bug Tracker #554438 http://bugzilla.gnome.org/show_bug.cgi?id=554438 ** Also affects: gnome-screensaver via http://bugzilla.gnome.org/show_bug.cgi?id=554438 Importance: Unknown Status: Unknown ** Description changed: Binary package hint: gnome-screensaver This is an enhancement request related to a low-risk security vulnerability. Nothing serious but still would be nice to have this implemented. Currently you can password-protect your screen and input devices like keyboard and mouse using the Gnome Screensaver. This is useful when you need to leave the computer unattended for a while in a moderately insecure environment. But the audio input/output is not locked by the screensaver and that opens up a vulnerability. Here is a use case. You talk with Bob using Ekiga Softphone (an Internet telephony client). Then you lock your computer's screen and go out for a short while. If someone approaches your computer while you're out, they can use your headphones and microphone and may be able to impersonate you to Bob or hear some confidential talk that Bob intended only for you to hear. Gnome Screensaver should have an option to control whether audio input and output are enabled while your screen is locked. If you are aware of the risk, an easy (albeit often inconvenient) work- around exists: disconnect your Ekiga call before leaving — and generally make sure that running programs neither use the audio input from the microphone nor emit any confidential sounds. If the user doesn't have a security mindset, however, there is a chance that she won't think of this risk at all and will remain exposed. Although technically it is true that if the attacker can physically access your machine you're lost from the security point of view, actually there are many environments (like your home or maybe your workplace) where a screensaver lock is enough to stop casual eavesdroppers because they are not technically competent or because they wouldn't risk to mount a more serious attack which might involve opening up the case, connecting suspicious devices to it, etc. After all, nobody says that the screensaver password locking feature is _useless_. If it is useful to some extent, so will be the feature suggested here. - - Feel free to copy this suggestion to the upstream bug tracker. I just - wanted to collect some feedback here first. -- Gnome Screensaver should optionally disable audio input and output https://bugs.launchpad.net/bugs/275560 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is the registrant for gnome-screensaver. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 275560] [NEW] Gnome Screensaver should optionally disable audio input and output
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: gnome-screensaver This is an enhancement request related to a low-risk security vulnerability. Nothing serious but still would be nice to have this implemented. Currently you can password-protect your screen and input devices like keyboard and mouse using the Gnome Screensaver. This is useful when you need to leave the computer unattended for a while in a moderately insecure environment. But the audio input/output is not locked by the screensaver and that opens up a vulnerability. Here is a use case. You talk with Bob using Ekiga Softphone (an Internet telephony client). Then you lock your computer's screen and go out for a short while. If someone approaches your computer while you're out, they can use your headphones and microphone and may be able to impersonate you to Bob or hear some confidential talk that Bob intended only for you to hear. Gnome Screensaver should have an option to control whether audio input and output are enabled while your screen is locked. If you are aware of the risk, an easy (albeit often inconvenient) work- around exists: disconnect your Ekiga call before leaving — and generally make sure that running programs neither use the audio input from the microphone nor emit any confidential sounds. If the user doesn't have a security mindset, however, there is a chance that she won't think of this risk at all and will remain exposed. Although technically it is true that if the attacker can physically access your machine you're lost from the security point of view, actually there are many environments (like your home or maybe your workplace) where a screensaver lock is enough to stop casual eavesdroppers because they are not technically competent or because they wouldn't risk to mount a more serious attack which might involve opening up the case, connecting suspicious devices to it, etc. After all, nobody says that the screensaver password locking feature is _useless_. If it is useful to some extent, so will be the feature suggested here. Feel free to copy this suggestion to the upstream bug tracker. I just wanted to collect some feedback here first. ** Affects: gnome-screensaver (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** Description changed: Binary package hint: gnome-screensaver This is an enhancement request related to a low-risk security vulnerability. Nothing serious but still would be nice to have this implemented. Currently you can password-protect your screen and input devices like keyboard and mouse using the Gnome Screensaver. This is useful when you need to leave the computer unattended for a while in a moderately insecure environment. But the audio input/output is not locked by the screensaver and that opens up a vulnerability. Here is a use case. You talk with Bob using Ekiga Softphone (an Internet telephony client). Then you lock your computer's screen and go out for a short while. If someone approaches your computer while you're out, they can use your headphones and microphone and may be able to impersonate you to Bob or - hear some confidential talk that Bob intended only you to hear. + hear some confidential talk that Bob intended only for you to hear. Gnome Screensaver should have an option to control whether audio input and output are enabled while your screen is locked. If you are aware of the risk, an easy (albeit often inconvenient) work- around exists: disconnect your Ekiga call before leaving — and generally make sure that running programs neither use the audio input from the microphone nor emit any confidential sounds. If the user doesn't have a - security mindset, there is a chance that she won't think of this risk at - all and will be leaving Ekiga running. + security mindset, however, there is a chance that she won't think of + this risk at all and will remain exposed. Although technically it is true that if the attacker can physically access your machine you're lost from the security point of view, actually there are many environments (like your home or maybe your workplace) where a screensaver lock is enough to stop casual eavesdroppers because they are not technically competent or because they wouldn't risk to mount a more serious attack which might involve opening up the case, connecting suspicious devices to it, etc. After all, nobody says that the screensaver password locking feature is _useless_. If it is useful to some extent, so will be the feature suggested here. Feel free to copy this suggestion to the upstream bug tracker. I just wanted to collect some feedback here first. -- Gnome Screensaver should optionally disable audio input and output https://bugs.launchpad.net/bugs/275560 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-screensaver
[Bug 253804] [NEW] Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more
*** This bug is a security vulnerability *** Public security bug reported: There's an exploit published on July 8, 2008 at http://www.milw0rm.com/exploits/6029 that says: Malicious SVG file DoS The following applications were tested in their latest revisions: Firefox's browse for file, preview object on linux: affected evince on linux: affected eog on linux: affected gimp on linux: affected inkscape on linux: unaffected Microsoft Visio on windows: unaffected It is unknown at this time whether code execution is possible... Unfortunately I currently lack the resources to verify the existence of the vulnerability. WARNING: the .zip file might harm your computer. Don't open it on your normal machine. A more or less safe way to test it would be to physically disconnect any important devices (all hard disks, network connections to any networks that trust your machine, etc.) and to boot from a live CD. But you should still know what you're doing. ** Affects: eog (Ubuntu) Importance: Undecided Status: New ** Affects: evince (Ubuntu) Importance: Undecided Status: New ** Affects: firefox (Ubuntu) Importance: Undecided Status: New ** Affects: firefox-3.0 (Ubuntu) Importance: Undecided Status: New ** Affects: gimp (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** Changed in: firefox-3.0 (Ubuntu) Sourcepackagename: None = firefox-3.0 ** Also affects: firefox (Ubuntu) Importance: Undecided Status: New ** Also affects: evince (Ubuntu) Importance: Undecided Status: New ** Also affects: eog (Ubuntu) Importance: Undecided Status: New ** Also affects: gimp (Ubuntu) Importance: Undecided Status: New -- Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more https://bugs.launchpad.net/bugs/253804 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to eog in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
Re: [Bug 253804] Re: Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more
On Fri, Aug 1, 2008 at 05:01, Kees Cook wrote: I cannot reproduce this on any of the linked packages. Have you seen actual crashes? No, I didn't test it at all because I've got only one machine and it's in production use right now. I will post an update if I can reproduce it. I've also posted the link to oss-security in case anybody is interested to check whether it is a fake or not. -- Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more https://bugs.launchpad.net/bugs/253804 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to eog in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 253804] Re: Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more
** Description changed: - There's an exploit published on July 8, 2008 at + There's an proof-of-concept exploit published on July 8, 2008 at http://www.milw0rm.com/exploits/6029 that says: Malicious SVG file DoS The following applications were tested in their latest revisions: Firefox's browse for file, preview object on linux: affected evince on linux: affected eog on linux: affected gimp on linux: affected inkscape on linux: unaffected Microsoft Visio on windows: unaffected It is unknown at this time whether code execution is possible... Unfortunately I currently lack the resources to verify the existence of the vulnerability. WARNING: the .zip file might harm your computer. Don't open it on your normal machine. A more or less safe way to test it would be to physically disconnect any important devices (all hard disks, network connections to any networks that trust your machine, etc.) and to boot from a live CD. But you should still know what you're doing. -- Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more https://bugs.launchpad.net/bugs/253804 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to eog in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 253804] Re: Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more
** Description changed: - There's an proof-of-concept exploit published on July 8, 2008 at + There's an alleged proof-of-concept exploit published on July 8, 2008 at http://www.milw0rm.com/exploits/6029 that says: Malicious SVG file DoS The following applications were tested in their latest revisions: Firefox's browse for file, preview object on linux: affected evince on linux: affected eog on linux: affected gimp on linux: affected inkscape on linux: unaffected Microsoft Visio on windows: unaffected It is unknown at this time whether code execution is possible... Unfortunately I currently lack the resources to verify the existence of the vulnerability. WARNING: the .zip file might harm your computer. Don't open it on your normal machine. A more or less safe way to test it would be to physically disconnect any important devices (all hard disks, network connections to any networks that trust your machine, etc.) and to boot from a live CD. But you should still know what you're doing. -- Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more https://bugs.launchpad.net/bugs/253804 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to eog in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 246292] [NEW] [CVE-2008-2950] libpoppler uninitialized pointer leads to arbitrary code execution
*** This bug is a security vulnerability *** Public security bug reported: CVE-2008-2950 description from the oCERT advisory #2008-007: The poppler PDF rendering library suffers a memory management bug which leads to arbitrary code execution. The vulnerability is present in the Page class constructor/destructor. The pageWidgets object is not initialized in the Page constructor if specific conditions are met, but it is deleted afterwards in the destructor regardless of its initialization. Specific PDF files can be crafted which allocate arbitrary memory to trigger the vulnerability. http://www.ocert.org/advisories/ocert-2008-007.html A patch is included in the advisory. ** Affects: poppler (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-2950 -- [CVE-2008-2950] libpoppler uninitialized pointer leads to arbitrary code execution https://bugs.launchpad.net/bugs/246292 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 246292] Re: [CVE-2008-2950] libpoppler uninitialized pointer leads to arbitrary code execution
Adding a CVE reference: CVE-2008-2950 -- [CVE-2008-2950] libpoppler uninitialized pointer leads to arbitrary code execution https://bugs.launchpad.net/bugs/246292 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 235829] Security implications of this crash
On Fri, Jun 27, 2008 at 23:08, Kees Cook wrote: Thanks for the bug report. This is actually not a security problem, but rather an unusual looking crash in the heap, and has already been reported. I am marking this as a duplicate. Please feel free to report any other issues you might find. Kees, thanks for your comment. Do you mean it is not exploitable so that arbitrary code execution is impossible? If a user opens a malicious playlist file, the worst that can happen is that her Rhythmbox would just crash. Is that correct? References: https://bugs.launchpad.net/ubuntu/+source/rhythmbox/+bug/243488 (duplicate) https://bugs.launchpad.net/ubuntu/+source/rhythmbox/+bug/235829 -- Rhythmbox crashed with SIGSEGV importing PLS file exported by Rhythmbox https://bugs.launchpad.net/bugs/235829 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 243487] [NEW] Evolution vulnerability via HTML frames
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: evolution Juan Pablo Lopez Yacubian reported the following vulnerability to Bugtraq: http://www.securityfocus.com/archive/1/493686/30/0/threaded ** Affects: evolution (Ubuntu) Importance: Undecided Status: New ** Affects: libgtkhtml2 (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** Also affects: libgtkhtml2 (Ubuntu) Importance: Undecided Status: New -- Evolution vulnerability via HTML frames https://bugs.launchpad.net/bugs/243487 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 243488] [NEW] Rhythmbox vulnerability via a crafted playlist file
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: rhythmbox Juan Pablo Lopez Yacubian reported the following vulnerability to Bugtraq: http://www.securityfocus.com/archive/1/493683/30/0/threaded ** Affects: rhythmbox (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- Rhythmbox vulnerability via a crafted playlist file https://bugs.launchpad.net/bugs/243488 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to rhythmbox in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
Re: [Bug 237690] Re: [New Upstream] Firefox 3 RC2 is available
On Thu, Jun 12, 2008 at 04:40, LumpyCustard wrote: As far as I know, there is no change of the code between rc2 and rc3 for Windows and Linux. They had to do a rc3 for Mac. Are there any detailed changelogs between Firefox release candidates? I tried to find them on their web sites but failed. -- [New Upstream] Firefox 3 RC2 is available https://bugs.launchpad.net/bugs/237690 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to devhelp in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 237956] [NEW] [CVE-2008-1108, CVE-2008-1109] Evolution iCalendar buffer overflows
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: evolution CVE-2008-1108 description: Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. CVE-2008-1109 description: Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1109 http://secunia.com/advisories/30298 ** Affects: evolution (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1108 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1109 -- [CVE-2008-1108, CVE-2008-1109] Evolution iCalendar buffer overflows https://bugs.launchpad.net/bugs/237956 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 205547] Re: resume produces blank screen when NVIDIA enabled on T61p
Sorry, Max, I don't know much about these bug reports and don't have any of the relevant hardware to test things either. You can use the Launchpad search feature to look for similar bugs that have already been reported. I guess you should file another bug report if the workarounds described here and in bug #202413 don't help. Your hardware (HP Pavilion dv6709AX) is not the same as Lenovo Thinkpad T61, so the problem you experience might be a totally unrelated one. -- resume produces blank screen when NVIDIA enabled on T61p https://bugs.launchpad.net/bugs/205547 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to yelp in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 136813] Re: (Gutsy) help button does not work in gnome-appearance-properties
This bug still occurs in Ubuntu 8.04 Hardy release when run from the live DVD. -- (Gutsy) help button does not work in gnome-appearance-properties https://bugs.launchpad.net/bugs/136813 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 205547] Re: resume produces blank screen when NVIDIA enabled on T61p
See also http://intertwingly.net/blog/2008/04/28/Sleep-Quirks-Debugged and bug #202413 which might be a similar problem. -- resume produces blank screen when NVIDIA enabled on T61p https://bugs.launchpad.net/bugs/205547 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to yelp in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 218652] [NEW] CVE-2008-1686: Multiple speex implementations insufficient boundary checks
*** This bug is a security vulnerability *** Public security bug reported: Description Uncontrolled array index in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. See: http://www.ocert.org/advisories/ocert-2008-2.html http://www.ocert.org/advisories/ocert-2008-004.html From the oCERT advisory #2008-002: The libfishsound decoder library incorrectly implements the reference speex decoder from the Speex library, performing insufficient boundary checks on a header structure read from user input. A user controlled field in the header structure is used to build a function pointer. The libfishsound implementation does not check for negative values for the field, allowing the function pointer to be pointed at an arbitary position in memory. This allows remote code execution. A patch has been committed to the libfishsound public repository. Affected version: = 0.9.0 Fixed version: 0.9.1 Additional affected packages: Speex = 1.1.12, the reference implementation from which libfishsound is derived. Illiminable DirectShow Filters, which statically include the libfishsound library. Annodex Plugins for Firefox. Credit: reporter wishes to remain anonymous CVE: CVE-2008-1686 From the oCERT advisory #2008-004: The reference speex decoder from the Speex library performs insufficient boundary checks on a header structure read from user input, this has been reported in oCERT-2008-002 advisory. Further investigation showed that several packages include similar code and are therefore vulnerable. In order to prevent the usage of incorrect header processing reference code, the speex_packet_to_header() function has been modified to bound the returned mode values in Speex = 1.2beta3.2. This change automatically fixes applications that use the Speex library dynamically. Affected version: gstreamer-plugins-good = 0.10.8 SDL_sound = 1.0.1 Speex = 1.1.12 (speexdec) Sweep = 0.9.2 vorbis-tools = 1.2.0 VLC Media Player = 0.8.6f xine-lib = 1.1.11.1 XMMS speex plugin Fixed version: gstreamer-plugins-good, = 0.10.8 (patched in CVS) SDL_sound, patched in CVS Speex = 1.2beta3.2 (patched in CVS) Sweep = 0.9.3 vorbis-tools, patched in CVS VLC Media Player, N/A xine-lib = 1.1.12 XMMS speex plugin, N/A Credit: see oCERT-2008-002, additionally we would like to thank Tomas Hoger from the Red Hat Security Response Team for his help in investigating the issue. CVE: CVE-2008-1686 ** Affects: gst-plugins-good0.10 (Ubuntu) Importance: Undecided Status: New ** Affects: libannodex (Ubuntu) Importance: Undecided Status: New ** Affects: libfishsound (Ubuntu) Importance: Undecided Status: New ** Affects: libsdl-sound1.2 (Ubuntu) Importance: Undecided Status: New ** Affects: speex (Ubuntu) Importance: Undecided Status: New ** Affects: sweep (Ubuntu) Importance: Undecided Status: New ** Affects: vlc (Ubuntu) Importance: Undecided Status: New ** Affects: vorbis-tools (Ubuntu) Importance: Undecided Status: New ** Affects: xine-lib (Ubuntu) Importance: Undecided Status: New ** Affects: xmms-speex (Ubuntu) Importance: Undecided Status: New ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1686 ** Changed in: speex (Ubuntu) Sourcepackagename: None = speex ** Also affects: libfishsound (Ubuntu) Importance: Undecided Status: New ** Also affects: libannodex (Ubuntu) Importance: Undecided Status: New ** Also affects: gst-plugins-good0.10 (Ubuntu) Importance: Undecided Status: New ** Also affects: libsdl-sound1.2 (Ubuntu) Importance: Undecided Status: New ** Also affects: sweep (Ubuntu) Importance: Undecided Status: New ** Also affects: vorbis-tools (Ubuntu) Importance: Undecided Status: New ** Also affects: vlc (Ubuntu) Importance: Undecided Status: New ** Also affects: xine-lib (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** Also affects: xmms-speex (Ubuntu) Importance: Undecided Status: New -- CVE-2008-1686: Multiple speex implementations insufficient boundary checks https://bugs.launchpad.net/bugs/218652 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 205547] Re: resume produces blank screen when NVIDIA enabled on T61p
This issue is not related to yelp. Actually, it was reported in yelp by mistake, according to the reporter's blog. Marking as Invalid in yelp. ** Changed in: yelp (Ubuntu) Status: New = Invalid -- resume produces blank screen when NVIDIA enabled on T61p https://bugs.launchpad.net/bugs/205547 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to yelp in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 205547] Re: resume produces blank screen when NVIDIA enabled on T61p
This is a report of a genuine problem and should not be dismissed as Invalid without any investigation. Marking it as New again. ** Changed in: ubuntu Status: Invalid = New -- resume produces blank screen when NVIDIA enabled on T61p https://bugs.launchpad.net/bugs/205547 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to yelp in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 205547] Re: resume produces blank screen when NVIDIA enabled on T61p
Christophe, could you please explain why this is not a bug report? I see a real problem here that needs to be fixed. Resume should not result in a blank screen. -- resume produces blank screen when NVIDIA enabled on T61p https://bugs.launchpad.net/bugs/205547 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to yelp in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 209746] [NEW] File permissions are incorrect during file copy
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: nautilus From http://bugzilla.gnome.org/show_bug.cgi?id=458397 reported by Roberto Zunino: When copying files, files are created with the default umask permissions instead of using the permissions of the file being copied. Permissions are then fixed after the copy has been completed. This however leaves a window of vulnerability. Real world example: I just copyed my old home (perms=700) to a new disk. This took quite a long time, during which my home had permissions 775. Steps to reproduce: 1. Create a folder and put some large files inside 2. chmod 700 folder 3. Nautilus-copy it somewhere else Actual results: while copying, ls -d folder_copy shows 775 perms, and other users can go in and read inside the folders Expected results: folder_copy should be created with 700 perms Does this happen every time? yes Other information: The Right Thing would be to pass the correct permissions to open()/mkdir() etc. Failing that, a good enough easier fix would be to set umask to 700old_umask for the copying stuff. -[ End of bug report by Roberto Zunino ]--- I can reproduce this bug now with nautilus version 1:2.20.0-0ubuntu7.1 under Ubuntu 7.10 (Gutsy). I tried to copy a single regular file with the permissions set to 600, so the problem is not limited to copying directories. I'm marking this as a security vulnerability because under appropriate circumstances it can allow local users to read other's files effectively bypassing the permissions set by the owner. It is true that many users won't be affected by this but that's not a valid reason to ignore the problem. ** Affects: nautilus Importance: Unknown Status: Unknown ** Affects: nautilus (Ubuntu) Importance: Undecided Status: New ** Bug watch added: GNOME Bug Tracker #458397 http://bugzilla.gnome.org/show_bug.cgi?id=458397 ** Also affects: nautilus via http://bugzilla.gnome.org/show_bug.cgi?id=458397 Importance: Unknown Status: Unknown ** Visibility changed to: Public -- File permissions are incorrect during file copy https://bugs.launchpad.net/bugs/209746 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 161859] Re: Default options for vfat automount set +x
*** This bug is a duplicate of bug 14335 *** https://bugs.launchpad.net/bugs/14335 Mike, I think you are right. Thanks for the correction! ** This bug is no longer a duplicate of bug 78505 NTFS and FAT partitions mounted with executable bits ** This bug has been marked a duplicate of bug 14335 nautilus wants to execute all text files on a vfat flash drive -- Default options for vfat automount set +x https://bugs.launchpad.net/bugs/161859 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a direct subscriber (via bug 14335). -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
Re: [Bug 132828] Re: Caps Lock indication invalid when it is used to switch keyboard layouts
On Thu, Mar 27, 2008 at 11:05 AM, Basilio Kublik wrote: Hi there Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering is this still an issue for you? Can you try with the development version of Ubuntu, Hardy Heron? Unfortunately I cannot download and install Hardy beta to try it there. I'm currently using Ubuntu 7.10 Gutsy, and the bug is still there. I would be grateful if someone who has installed Hardy could try to reproduce this bug. If you (Basilio or anyone else reading this) are willing to help but cannot figure out how to reproduce it from the description in the post, please ask me and I'll provide step-by-step instructions how to check if this bug still exists. -- Caps Lock indication invalid when it is used to switch keyboard layouts https://bugs.launchpad.net/bugs/132828 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-screensaver in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 155263] Re: [gutsy] sdl games leave fullscreen mode without obvious reason
*** This bug is a duplicate of bug 163865 *** https://bugs.launchpad.net/bugs/163865 ** This bug has been marked a duplicate of bug 163865 something steals focus of fullscreen 3d apps -- [gutsy] sdl games leave fullscreen mode without obvious reason https://bugs.launchpad.net/bugs/155263 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-power-manager in ubuntu (via bug 163865). -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 163865] Re: something steals focus of fullscreen 3d apps
What's the difference between this bug and https://bugs.launchpad.net/ubuntu/+bug/155263? There's a suggestion https://bugs.launchpad.net/ubuntu/+bug/155263/comments/3 that this bug happens even when compiz is not running and #155263 occurs only with compiz, but now after reading the comments here I'm not sure. Has anyone experienced this problem while not running a 3D-enabled window manager (like compiz or beryl)? If no, bug #155263 should be merged with this one. -- something steals focus of fullscreen 3d apps https://bugs.launchpad.net/bugs/163865 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-power-manager in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 132812] Re: When moving, renaming, deleting files, their backup copies are not modified
** Bug watch added: GNOME Bug Tracker #46883 http://bugzilla.gnome.org/show_bug.cgi?id=46883 ** Also affects: nautilus via http://bugzilla.gnome.org/show_bug.cgi?id=46883 Importance: Unknown Status: Unknown -- When moving, renaming, deleting files, their backup copies are not modified https://bugs.launchpad.net/bugs/132812 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 132812] Re: When moving, renaming, deleting files, their backup copies are not modified
Whether backup copies should be renamed with their originals depends on the user's intent regarding the renaming. Consider the following use case: Apollo would like to debug his browser by resetting its configuration. He renames ~/.browser, his browser configuration file, to ~/.browser.old. He doesn't notice that the backup copy remains in ~/.browser~ because backups are hidden in Nautilus. Apollo creates a temporary configuration file ~/.browser and edits it several times using gedit while debugging his browser. When he is finished, he moves the temporary configuration file to Trash and renames ~/.browser.old back to ~/.browser. But when Apollo looks at the backup copy at ~/.browser~, he is surprised. He expected to find the same backup copy of the original file that was there before, but he finds instead the second latest copy of the temporary configuration file saved by gedit. Another use case about deleting sensitive information: Venus saved drafts of her love letters to Apollo in her home directory. Now that her hot-tempered husband Vulcan will come back from a journey soon, she destroys the evidence by moving her letters to Trash and emptying the Trash. She is not aware that the backup copies remain, because she did not get any warning about them, and they are hidden by default. Venus also doesn't understand the Unix permission model and her home directory is world-readable. When Vulcan looks there, he will find the disgraceful letters. Depending on the user's intent, sometimes the backup files should be treated as a single object with their originals, and sometimes not. What bothers me is that currently the user doesn't get to choose, and that leads to failures like those described in the use cases above. The proper way to fix this from the usability point of view is to put the home directory under a version control system. Until that is widely accepted, a work-around is required. It could be a configuration option to treat the backups and originals as a single object, or it could be a set of warning dialogs that would notify the user that her action was not applied to some backup copies of selected files and ask whether she wants to rename/move/delete the backups as well. The fix needs a bit more thinking before it can be implemented, but I hope the problem is clear now. ** Changed in: nautilus (Ubuntu) Status: Triaged = New -- When moving, renaming, deleting files, their backup copies are not modified https://bugs.launchpad.net/bugs/132812 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 132812] Re: When moving, renaming, deleting files, their backup copies are not modified
Sebastian, I accidentally changed reverted the status to New because I didn't notice you change it to Triaged. Please set the status of this bug to Triaged again. -- When moving, renaming, deleting files, their backup copies are not modified https://bugs.launchpad.net/bugs/132812 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 89219] Re: Switching back to an user account needs no password
** This bug has been flagged as a security issue -- Switching back to an user account needs no password https://bugs.launchpad.net/bugs/89219 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug contact for gdm in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 132788] gedit doesn't notice that a file has been renamed
Public bug reported: Binary package hint: gedit When you edit a file in gedit and the file is renamed, gedit doesn't notice that the file on disk has disappeared. Instead, when trying to save a file that has been renamed, a warning should appear, similar to the yellow warning bar that appears when a file content has been modified by another program. Steps to reproduce the problem: 1. Open a new file in gedit. Save it to ~/foobar 2. Rename the file ~/foobar to ~/foobar.new 3. Modify the file inside gedit (this step can be omitted) 4. Press the Save button A new file ~/foobar is silently written. No indication is given to the user that the file was not there when saving. Expected behavior: Show a warning that the file has been renamed, moved, or deleted. Ask the user whether she really wants to save the file under the old name (to the old location). Better yet, determine what exactly happened to the file (was it renamed, moved, or deleted). If the file has been moved or renamed, suggest to save the file in the new location or under the new name, respectively. ProblemType: Bug Architecture: i386 Date: Thu Aug 16 00:52:51 2007 DistroRelease: Ubuntu 7.04 ExecutablePath: /usr/bin/gedit Package: gedit 2.18.1-0ubuntu1 PackageArchitecture: i386 ProcCmdline: gedit file:///home/users/alexkon/notebook/passwords/freechess.org ProcCwd: /home/users/alexkon ProcEnviron: LANGUAGE=en_US:en PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: gedit Uname: Linux chronos 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686 GNU/Linux ** Affects: gedit (Ubuntu) Importance: Undecided Status: New -- gedit doesn't notice that a file has been renamed https://bugs.launchpad.net/bugs/132788 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug contact for gedit in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 132788] Re: gedit doesn't notice that a file has been renamed
** Attachment added: Dependencies.txt http://launchpadlibrarian.net/8844707/Dependencies.txt ** Attachment added: ProcMaps.txt http://launchpadlibrarian.net/8844708/ProcMaps.txt ** Attachment added: ProcStatus.txt http://launchpadlibrarian.net/8844709/ProcStatus.txt -- gedit doesn't notice that a file has been renamed https://bugs.launchpad.net/bugs/132788 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug contact for gedit in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 132788] Re: gedit doesn't notice that a file has been renamed
** Description changed: Binary package hint: gedit When you edit a file in gedit and the file is renamed, gedit doesn't notice that the file on disk has disappeared. Instead, when trying to save a file that has been renamed, a warning should appear, similar to the yellow warning bar that appears when a file content has been modified by another program. Steps to reproduce the problem: 1. Open a new file in gedit. Save it to ~/foobar 2. Rename the file ~/foobar to ~/foobar.new 3. Modify the file inside gedit (this step can be omitted) 4. Press the Save button A new file ~/foobar is silently written. No indication is given to the user that the file was not there when saving. Expected behavior: Show a warning that the file has been renamed, moved, or deleted. Ask the user whether she really wants to save the file under the old name (to the old location). Better yet, determine what exactly happened to the file (was it renamed, moved, or deleted). If the file has been moved or renamed, suggest to save the file in the new location or under the new name, respectively. ProblemType: Bug Architecture: i386 Date: Thu Aug 16 00:52:51 2007 DistroRelease: Ubuntu 7.04 ExecutablePath: /usr/bin/gedit Package: gedit 2.18.1-0ubuntu1 PackageArchitecture: i386 - ProcCmdline: gedit file:///home/users/alexkon/notebook/passwords/freechess.org + ProcCmdline: gedit ProcCwd: /home/users/alexkon ProcEnviron: LANGUAGE=en_US:en PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: gedit Uname: Linux chronos 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686 GNU/Linux -- gedit doesn't notice that a file has been renamed https://bugs.launchpad.net/bugs/132788 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug contact for gedit in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 132812] When moving, renaming, deleting files, their backup copies are not modified
Public bug reported: Binary package hint: nautilus When moving, renaming, and deleting files that have backup copies (those have the same filename with a tilde in the end, like 'filename~'), the backup copy is not affected by any such change to the main file. Since the backup copies are usually invisible (they are hidden by default), that leads to counter-intuitive experience, where as many files are moved, renamed, and deleted, they leave hidden traces that contain old information (which is potentially sensitive) and occupy disk space. Those remaining backup files usually have to be cleaned up manually, and some end up hanging around for a long time without being cleaned up. One way to fix this is to automatically apply the same change (renaming, moving, or deletion) to the backup copy if one exist. ProblemType: Bug Architecture: i386 Date: Thu Aug 16 02:30:33 2007 DistroRelease: Ubuntu 7.04 Package: nautilus 1:2.18.1-0ubuntu1 PackageArchitecture: i386 SourcePackage: nautilus Uname: Linux chronos 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686 GNU/Linux ** Affects: nautilus (Ubuntu) Importance: Undecided Status: New -- When moving, renaming, deleting files, their backup copies are not modified https://bugs.launchpad.net/bugs/132812 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug contact for nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 132812] Re: When moving, renaming, deleting files, their backup copies are not modified
** Attachment added: Dependencies.txt http://launchpadlibrarian.net/8845363/Dependencies.txt -- When moving, renaming, deleting files, their backup copies are not modified https://bugs.launchpad.net/bugs/132812 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug contact for nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 132824] gnome-games leaves .pyc files in site-packages when removed
Public bug reported: Binary package hint: gnome-games Removing gnome-games 1:2.18.1-0ubuntu1 (from 7.04 Feisty) leaves some directories and .pyc files in the following directories: /usr/lib/python2.5/site-packages/gnome_sudoku/ /usr/lib/python2.5/site-packages/glchess/ dpkg then complains that those directories are not empty and cannot be removed. If I remember correctly, I requested to purge gnome-games when this happened. ** Affects: gnome-games (Ubuntu) Importance: Undecided Status: New -- gnome-games leaves .pyc files in site-packages when removed https://bugs.launchpad.net/bugs/132824 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug contact for gnome-games in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 132828] Caps Lock indication invalid when it is used to switch keyboard layouts
Public bug reported: Binary package hint: gnome-screensaver I use Caps Lock to switch keyboard layouts from one language to another. (It was recommended by the text mode installer of 7.04 Feisty Fawn, and it turned out to be very convenient indeed). The actual Caps Lock effect is achieved by pressing Shift+Caps Lock once. When my screen is locked by screen-saver, the password dialog appears. When I press Caps Lock to switch to the non-English layout, the password dialog shows a warning that I have the Caps Lock key on. That is incorrect, because pressing Caps Lock has switched the keyboard layout, but the real Caps Lock mode has remained lowercase. Conversely, when I press Shift+Caps Lock to enter the real Caps Lock mode while English layout is chosen, the warning is not shown. That is also incorrect. Because the Caps Lock mode has been activated, pressing letter keys yields uppercase characters. Expected behavior The password dialog should show the Caps Lock warning based on the actual default case of characters being entered, not based on the presses of the Caps Lock key. ProblemType: Bug Architecture: i386 Date: Thu Aug 16 03:29:11 2007 DistroRelease: Ubuntu 7.04 Package: gnome-screensaver 2.18.1-0ubuntu1 PackageArchitecture: i386 SourcePackage: gnome-screensaver Uname: Linux chronos 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686 GNU/Linux ** Affects: gnome-screensaver (Ubuntu) Importance: Undecided Status: New -- Caps Lock indication invalid when it is used to switch keyboard layouts https://bugs.launchpad.net/bugs/132828 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug contact for gnome-screensaver in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 132828] Re: Caps Lock indication invalid when it is used to switch keyboard layouts
** Attachment added: Dependencies.txt http://launchpadlibrarian.net/8845828/Dependencies.txt -- Caps Lock indication invalid when it is used to switch keyboard layouts https://bugs.launchpad.net/bugs/132828 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug contact for gnome-screensaver in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs