Package: gnome-vfs2
Version: 2.14.2-4
Severity: serious
Tags: security
Hi,
This seems to be an old known problem / bug / vulnerability which is
described here:
<https://bugzilla.novell.com/show_bug.cgi?id=238503>
It affects GNOME but not Xfce and KDE which work with the same
shared-mime-info data. It seems the freedesktop.org XML database
provides "OR" type matching instead of "AND" type matching on the
a) extension and b) magic criterions found in the database (that is: it
is enough to match the magic of a desktop file to be considered one,
even if the extension is not .desktop).
Some interesting bits:
<http://lists.freedesktop.org/archives/xdg/2007-January/thread.html#9150>
This is a design issue with shared-mime-info, but should be worked
around in gnome-vfs2 (I think).
Bye,
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
--
Loïc Minier <[EMAIL PROTECTED]>
