Control: user [email protected]
Control: usertag -1 + misc-reported
Control: usertag -1 + for-stretch

Hi,

sajolida:
> Steps to reproduce in GNOME:

Good catch, thanks! Reproduced on current sid. The Journal tells me:

  org.gnome.Nautilus[5383]: Traceback (most recent call last):
  org.gnome.Nautilus[5383]:   File "/usr/share/nautilus-python/extensions/nautilus-mat.py", line 80, in menu_activate_cb
  org.gnome.Nautilus[5383]:     if file.is_gone():
  org.gnome.Nautilus[5383]: AttributeError: type object 'file' has no attribute 'is_gone'

The root cause of the problem seems obvious to me, and I'm working on
a fix upstream as we speak.

> I'm flagging this as "important" for the time being but I think that
> it's a serious security issue since people might have got used to cleaning
> metadata from backup file in comparison with the version in Jessie. So,
> in my opinion, and if I understood correctly, this renders MAT useless
> for probably most of its actual uses.

It's not obvious to me that most MAT users use it via the Nautilus
contextual menu: the package also provides a CLI and a GUI, and not
everyone uses GNOME and Nautilus. So I'm a bit unsure about bumping
the severity to RC.

Now, on the grounds that it's a very real security issue, I will
definitely handle this with high priority (ensure 1. the new upstream
maintainer requests a CVE; 2. this is fixed in Stretch; 3.
counter-measures are put in place upstream and in Debian so this kind
of issue never lands in a released package anymore).

Cheers,
-- 
intrigeri
