Package: nautilus Version: 2.20-7 Severity: grave Tags: security as you have probably seen by now, there has been a lot of coverage about the potential avenue for exploits via kde and gnome application launchers (it looks like xfce is safe, for now) [1], [2], [3].
the core of the problem is that launchers have the ability to execute perl, python, etc scripts without the executable bit set. this makes it much easier for an attacker to get the user to download and run potentially malicious code. regards, mike [1] http://www.geekzone.co.nz/foobar/6229 [2] http://www.geekzone.co.nz/foobar/6236 [3] http://lwn.net/Articles/178409/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
