Format: 1.8
Date: Sat, 07 Oct 2017 20:59:16 +0200
Source: nautilus
Binary: nautilus libnautilus-extension1a libnautilus-extension-dev gir1.2-nautilus-3.0 nautilus-data
Architecture: source
Version: 3.22.3-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Description:
 gir1.2-nautilus-3.0 - libraries for nautilus components - gir bindings
 libnautilus-extension-dev - libraries for nautilus components - development version
 libnautilus-extension1a - libraries for nautilus components - runtime version
 nautilus - file manager and graphical shell for GNOME
 nautilus-data - data files for nautilus
Closes: 860268
Changes:
 nautilus (3.22.3-1+deb9u1) stretch-security; urgency=high
 .
   [ Phil Wyett ]
   * CVE-2017-14604: desktop_file_trust.patch
     + Spoof a file type by using the .desktop file extension, as demonstrated
       by an attack in which a .desktop file's Name field ends in .pdf but this
       file's Exec field launches a malicious "sh -c" command.
       (Closes: #860268).
       - Initial patch by Phil Wyett <philwyett@kathenas.org>
       - Translations additions by Donncha O'Cearbhaill <donncha@donncha.is>
 .
   [ Yves-Alexis Perez ]
   * Non-maintainer upload by the Security Team.