Package: nautilus
Version: 3.22.3-1

There is a bug in Nautilus that makes it possible to disguise a malicious script as an innocent document, like a PDF or ODT, that gets executed when the user opens it.
The upstream nautilus issue [1] has already been resolved, and will be released in nautilus 3.24. But since this is an important security issue, I think this patch should be backported so that it's fixed in older versions of Debian. See this blog post [2] for more about how this bug allows attackers to compromise the security-focused Debian-based distro Subgraph.

[1] https://bugzilla.gnome.org/show_bug.cgi?id=777991
[2] https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/