Your message dated Thu, 15 Feb 2007 19:17:05 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#408556: fixed in nautilus 2.14.3-8 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: gnome-vfs2 Version: 2.14.2-4 Severity: serious Tags: security Hi, This seems to be an old known problem / bug / vulnerability which is described here: <https://bugzilla.novell.com/show_bug.cgi?id=238503> It affects GNOME but not Xfce and KDE which work with the same shared-mime-info data. It seems the freedesktop.org XML database provides "OR" type matching instead of "AND" type matching on the a) extension and b) magic criterions found in the database (that is: it is enough to match the magic of a desktop file to be considered one, even if the extension is not .desktop). Some interesting bits: <http://lists.freedesktop.org/archives/xdg/2007-January/thread.html#9150> This is a design issue with shared-mime-info, but should be worked around in gnome-vfs2 (I think). Bye, -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-686 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) -- Loïc Minier <[EMAIL PROTECTED]>
--- End Message ---
--- Begin Message ---Source: nautilus Source-Version: 2.14.3-8 We believe that the bug you reported is fixed in the latest version of nautilus, which is due to be installed in the Debian FTP archive: libnautilus-extension-dev_2.14.3-8_amd64.deb to pool/main/n/nautilus/libnautilus-extension-dev_2.14.3-8_amd64.deb libnautilus-extension1_2.14.3-8_amd64.deb to pool/main/n/nautilus/libnautilus-extension1_2.14.3-8_amd64.deb nautilus-data_2.14.3-8_all.deb to pool/main/n/nautilus/nautilus-data_2.14.3-8_all.deb nautilus-dbg_2.14.3-8_amd64.deb to pool/main/n/nautilus/nautilus-dbg_2.14.3-8_amd64.deb nautilus_2.14.3-8.diff.gz to pool/main/n/nautilus/nautilus_2.14.3-8.diff.gz nautilus_2.14.3-8.dsc to pool/main/n/nautilus/nautilus_2.14.3-8.dsc nautilus_2.14.3-8_amd64.deb to pool/main/n/nautilus/nautilus_2.14.3-8_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Josselin Mouette <[EMAIL PROTECTED]> (supplier of updated nautilus package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 15 Feb 2007 19:15:30 +0100 Source: nautilus Binary: libnautilus-extension-dev libnautilus-extension1 nautilus-data nautilus-dbg nautilus Architecture: source amd64 all Version: 2.14.3-8 Distribution: unstable Urgency: medium Maintainer: Josselin Mouette <[EMAIL PROTECTED]> Changed-By: Josselin Mouette <[EMAIL PROTECTED]> Description: libnautilus-extension-dev - libraries for nautilus components - development version libnautilus-extension1 - libraries for nautilus components - runtime version nautilus - file manager and graphical shell for GNOME nautilus-data - data files for nautilus nautilus-dbg - file manager and graphical shell for GNOME - debugging version Closes: 408556 408948 Changes: nautilus (2.14.3-8) unstable; urgency=medium . [ Loic Minier ] * Add a get-orig-source target to retrieve the upstream tarball. . [ Josselin Mouette ] * 02_umask.patch: use the recommended method upstream, which should be thread-safe and supports ACLs. * 07_desktop_file_activation.patch: + Don't launch desktop files that aren't at safe places (closes: #408556). This doesn't affect desktop files that are merely links. + Don't launch those that don't end with .desktop (closes: #408948). Files: 6858a80e95571a693c3a5a4d80b5d11f 1803 gnome optional nautilus_2.14.3-8.dsc 150f42c684ef5809a176ad5db3529ca4 27213 gnome optional nautilus_2.14.3-8.diff.gz 8412935de3a2c2067d6fffb33e422c1d 3503198 gnome optional nautilus-data_2.14.3-8_all.deb cf335916d1491abcca03fc2939ee75a7 630994 gnome optional nautilus_2.14.3-8_amd64.deb f9f33daa4669e291612a8f9faf3814b3 1739048 gnome extra nautilus-dbg_2.14.3-8_amd64.deb 704d8af3a4f8dd496bd12d881b3cc866 84396 libs optional libnautilus-extension1_2.14.3-8_amd64.deb 4fd578284490e363b3a79307f9f9b1c7 78992 libdevel optional libnautilus-extension-dev_2.14.3-8_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFF1K34rSla4ddfhTMRAkcoAKC9/xBElbaxj43PlhPFZ0+rCNO/YgCgimmk OMxJN3zSlwAfQGJWWnFSCek= =Gr95 -----END PGP SIGNATURE-----
--- End Message ---
