Publishing details

• Published on 2017-12-09

Changelog

nautilus (3.22.3-1+deb9u1) stretch-security; urgency=high

  [ Phil Wyett ]
  * CVE-2017-14604: desktop_file_trust.patch
    + Spoof a file type by using the .desktop file extension, as demonstrated
      by an attack in which a .desktop file's Name field ends in .pdf but
      this file's Exec field launches a malicious "sh -c" command.
      (Closes: #860268).
      - Initial patch by Phil Wyett <email address hidden>
      - Translations additions by Donncha O'Cearbhaill <email address hidden>

  [ Yves-Alexis Perez ]
  * Non-maintainer upload by the Security Team.

 -- Yves-Alexis Perez <email address hidden>  Sat, 07 Oct 2017 20:59:16 +0200

Builds

Package files

• nautilus_3.22.3-1+deb9u1.debian.tar.xz (27.1 KiB)
• nautilus_3.22.3-1+deb9u1.dsc (2.5 KiB)
• nautilus_3.22.3.orig.tar.xz (4.9 MiB)