On Wed, Oct 11, 2017 at 2:34 PM, Phil Wyett <philwy...@kathenas.org> wrote: > I have looked at both 'jessie' and 'wheezy'. Both are not affected by this > specific issue and have mechanism(s) like stretch (with update) and newer > versions of nautilus that display and require input when confronted with > certain > file types.
nautilus 3.22 introduced integrated (almost silent) tarball decompression support which makes the test case for this vulnerability a lot simpler. Thanks, Jeremy Bicha