Register | Log in

nautilus

file manager and graphical shell for GNOME

Choose email to subscribe with

general

source: nautilus (source, gnome)
version: 3.26.0-1
maintainer: Debian GNOME Maintainers (archive) [DMD]
uploaders: Jeremy Bicha [DMD] – Michael Biebl [DMD]
arch: all any
std-ver: 4.1.0
VCS: Subversion (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.4.2-1+build1
oldstable: 3.14.1-2
stable: 3.22.3-1
testing: 3.26.0-1
unstable: 3.26.0-1

versioned links

3.4.2-1+build1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.14.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.22.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.26.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-nautilus-3.0
libnautilus-extension-dev
libnautilus-extension1a
nautilus
nautilus-data

action needed

1 security issue in wheezy

high

There is 1 open security issue in wheezy.

1 important issue:

CVE-2017-14604: GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.

Please fix it.

Created: 2017-09-20 Last update: 2017-09-22 07:27

1 security issue in jessie

high

There is 1 open security issue in jessie.

1 important issue:

CVE-2017-14604: GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.

Please fix it.

Created: 2017-09-20 Last update: 2017-09-22 07:27

1 security issue in stretch

high

There is 1 open security issue in stretch.

1 important issue:

CVE-2017-14604: GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.

Please fix it.

Created: 2017-09-20 Last update: 2017-09-22 07:27

4 bugs tagged patch in the BTS

normal

The BTS contains patches fixing 4 bugs (5 if counting merged bugs), consider including or untagging them.

Created: 2017-08-12 Last update: 2017-09-25 19:02

lintian reports 8 warnings

normal

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-05-22 Last update: 2017-09-24 07:12

news

[2017-09-20] nautilus 3.26.0-1 MIGRATED to testing (Debian testing watch)
[2017-09-13] Accepted nautilus 3.26.0-1 (source) into unstable (Jeremy Bicha)
[2017-09-08] nautilus 3.25.92-1 MIGRATED to testing (Debian testing watch)
[2017-09-02] Accepted nautilus 3.25.92-1 (source) into unstable (Jeremy Bicha)
[2017-08-30] Accepted nautilus 3.25.90-1 (source) into unstable (Jeremy Bicha)
[2017-03-19] nautilus 3.22.3-1 MIGRATED to testing (Debian testing watch)
[2017-03-09] Accepted nautilus 3.22.3-1 (source) into unstable (Michael Biebl)
[2016-12-20] nautilus 3.22.2-1 MIGRATED to testing (Debian testing watch)
[2016-12-10] Accepted nautilus 3.22.2-1 (source) into unstable (Michael Biebl)
[2016-10-24] nautilus 3.22.1-2 MIGRATED to testing (Debian testing watch)
[2016-10-16] Accepted nautilus 3.22.1-2 (source) into unstable (Michael Biebl)
[2016-10-14] Accepted nautilus 3.22.1-1 (source) into unstable (Michael Biebl)
[2016-09-30] nautilus 3.22.0-1 MIGRATED to testing (Debian testing watch)
[2016-09-19] Accepted nautilus 3.22.0-1 (source) into unstable (Michael Biebl)
[2016-09-14] Accepted nautilus 3.21.92-3 (source) into unstable (Michael Biebl)
[2016-09-14] Accepted nautilus 3.21.92-2 (source) into unstable (Michael Biebl)
[2016-09-13] Accepted nautilus 3.21.92-1 (source) into unstable (Michael Biebl)
[2016-09-11] nautilus 3.21.91.1-1 MIGRATED to testing (Debian testing watch)
[2016-09-05] Accepted nautilus 3.21.91.1-1 (source) into unstable (Michael Biebl)
[2016-09-05] nautilus 3.20.3-1 MIGRATED to testing (Debian testing watch)
[2016-08-30] Accepted nautilus 3.20.3-1 (source amd64 all) into unstable (Andreas Henriksson)
[2016-06-10] nautilus 3.20.1-3 MIGRATED to testing (Debian testing watch)
[2016-06-04] Accepted nautilus 3.20.1-3 (source amd64 all) into unstable (Laurent Bigonville)
[2016-05-09] nautilus 3.20.1-2 MIGRATED to testing (Debian testing watch)
[2016-05-04] Accepted nautilus 3.20.1-2 (source) into unstable (Laurent Bigonville)
[2016-05-03] Accepted nautilus 3.20.1-1 (source) into unstable (Michael Biebl)
[2016-04-17] Accepted nautilus 3.20.0-1 (source) into unstable (Michael Biebl)
[2016-03-18] Accepted nautilus 3.19.93-1 (source amd64 all) into experimental (Andreas Henriksson)
[2016-02-05] nautilus 3.18.5-1 MIGRATED to testing (Debian testing watch)
[2016-01-30] Accepted nautilus 3.18.5-1 (source) into unstable (Michael Biebl)

1
2

bugs [bug history graph]

all: 209 221
RC: 0
I&N: 156 164
M&W: 53 57
F&P: 0
newcomer: 1

links

homepage
lintian (0, 8)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:3.26.0-0ubuntu1
1634 bugs (5 patches)
patches for 1:3.26.0-0ubuntu1

Debian Package Tracker — Copyright 2013-2016 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Git Repository — How to contribute