Package: konqueror Version: 4:3.5.9.dfsg.1-6 Severity: grave Tags: security
as you have probably seen by now, there has been a lot of coverage about the potential avenue for exploits via kde and gnome application launchers (it looks like xfce is safe, for now) [1], [2], [3]. the core of the problem is that launchers have the ability to execute perl, python, etc scripts without the executable bit set. this makes it much easier for an attacker to get the user to download and run potentially malicious code. fyi, you can also track the progress on this bug in the nautilus package here [4]. regards, mike [1] http://www.geekzone.co.nz/foobar/6229 [2] http://www.geekzone.co.nz/foobar/6236 [3] http://lwn.net/Articles/178409/ [4] http://bugs.debian.org/515104 -- To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
