Debian Package Tracker

general

source: nautilus (main)
version: 3.30.5-1
maintainer: Debian GNOME Maintainers (archive) [DMD]
uploaders: Tim Lunn [DMD] [dm] – Jeremy Bicha [DMD] – Iain Lane [DMD]
arch: all any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 3.14.1-2
stable: 3.22.3-1+deb9u1
stable-sec: 3.22.3-1+deb9u1
testing: 3.30.5-1
unstable: 3.30.5-1
exp: 3.31.90-1

versioned links

3.14.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.22.3-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.30.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.31.90-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-nautilus-3.0
libnautilus-extension-dev
libnautilus-extension1a
nautilus
nautilus-data

action needed

A new upstream version is available: 3.32.0 high

A new upstream version 3.32.0 is available, you should consider packaging it.

Created: 2019-03-20 Last update: 2019-04-25 03:43

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2019-11461: An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

Please fix it.

Created: 2019-04-23 Last update: 2019-04-24 07:57

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-11461: An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

Please fix it.

Created: 2019-04-23 Last update: 2019-04-24 07:57

4 bugs tagged patch in the BTS normal

The BTS contains patches fixing 4 bugs (5 if counting merged bugs), consider including or untagging them.

Created: 2019-04-01 Last update: 2019-04-25 08:37

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 3.31.90-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 9ade6ae40871f3757505b4da4888f2b47ecf19de
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Thu Apr 4 19:32:06 2019 +0200

    * debian/control.in:
      - Breaks/Replaces totem (<< 3.31.91-1) since libtotem-properties-page
        used to be included in that binary and got move to nautilus

commit 74416baa31789b3d6214e09278d0c515f6d749c2
Author: Laurent Bigonville <bigon@debian.org>
Date:   Sun Mar 17 15:34:55 2019 +0100

    Add tracker-extract to the dependencies, nautilus now requires the org.freedesktop.Tracker.Miner.Files schema

commit ed1dbb4088ca510c809ba48b97b8f60cb9908f72
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Thu Feb 7 05:33:22 2019 -0500

    Depend on tracker-miner-fs
    
    LP: #1815025

Created: 2019-02-07 Last update: 2019-04-24 11:30

lintian reports 4 warnings normal

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-13 Last update: 2019-04-14 18:07

1 ignored security issue in jessie low

There is 1 open security issue in jessie.

1 issue skipped by the security teams:

CVE-2017-14604: GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.

Please fix it.

Created: 2017-09-20 Last update: 2019-04-24 07:57

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2018-12-23 17:14

news

[rss feed]

[2019-02-06] Accepted nautilus 3.31.90-1 (source) into experimental (Jeremy Bicha)
[2018-12-29] nautilus 3.30.5-1 MIGRATED to testing (Debian testing watch)
[2018-12-22] Accepted nautilus 3.30.5-1 (source) into unstable (Jeremy Bicha)
[2018-12-03] nautilus 3.30.4-1 MIGRATED to testing (Debian testing watch)
[2018-11-28] Accepted nautilus 3.30.4-1 (source) into unstable (Iain Lane)
[2018-11-14] nautilus 3.30.3-1 MIGRATED to testing (Debian testing watch)
[2018-11-09] Accepted nautilus 3.30.3-1 (source) into unstable (Simon McVittie)
[2018-09-19] nautilus 3.30.0-4 MIGRATED to testing (Debian testing watch)
[2018-09-13] Accepted nautilus 3.30.0-4 (source) into unstable (Jeremy Bicha)
[2018-09-13] Accepted nautilus 3.30.0-3 (source) into unstable (Jeremy Bicha)
[2018-09-10] Accepted nautilus 3.30.0-2 (source) into unstable (Jeremy Bicha)
[2018-09-10] nautilus 3.30.0-1 MIGRATED to testing (Debian testing watch)
[2018-09-04] Accepted nautilus 3.30.0-1 (source) into unstable (Andreas Henriksson)
[2018-08-21] Accepted nautilus 3.29.90.1-1 (source) into experimental (Simon McVittie)
[2018-04-15] Accepted nautilus 3.28.1-1 (source) into experimental (Tim Lunn)
[2018-04-12] nautilus 3.26.3.1-1 MIGRATED to testing (Debian testing watch)
[2018-04-06] Accepted nautilus 3.26.3.1-1 (source) into unstable (Jeremy Bicha)
[2018-03-30] Accepted nautilus 3.28.0.1-1 (source) into experimental (Tim Lunn)
[2018-02-19] Accepted nautilus 3.27.90-1 (source) into experimental (Tim Lunn) (signed by: Jeremy Bicha)
[2018-02-05] nautilus 3.26.2-2 MIGRATED to testing (Debian testing watch)
[2018-01-30] Accepted nautilus 3.26.2-2 (source) into unstable (Jeremy Bicha)
[2017-12-21] nautilus 3.26.2-1 MIGRATED to testing (Debian testing watch)
[2017-12-16] Accepted nautilus 3.26.2-1 (source) into unstable (Jeremy Bicha)
[2017-10-08] Accepted nautilus 3.22.3-1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Yves-Alexis Perez)
[2017-09-20] nautilus 3.26.0-1 MIGRATED to testing (Debian testing watch)
[2017-09-13] Accepted nautilus 3.26.0-1 (source) into unstable (Jeremy Bicha)
[2017-09-08] nautilus 3.25.92-1 MIGRATED to testing (Debian testing watch)
[2017-09-02] Accepted nautilus 3.25.92-1 (source) into unstable (Jeremy Bicha)
[2017-08-30] Accepted nautilus 3.25.90-1 (source) into unstable (Jeremy Bicha)
[2017-03-19] nautilus 3.22.3-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 214 225
RC: 0
I&N: 167 174
M&W: 47 51
F&P: 0
patch: 4 5
NC: 2

links

homepage
lintian (0, 4)
buildd: logs, exp, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:3.32.0-0ubuntu2
665 bugs (5 patches)