** Summary changed:
- should have apparmor profile for gnome-thumbnail-font
+ gnome thumbnailers should have an apparmor profile
** Also affects: totem (Ubuntu)
Importance: Undecided
Status: New
** Changed in: totem (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: totem (Ubuntu)
Status: New => Triaged
** Description changed:
Binary package hint: gnome-control-center
- Nautilus normally uses gnome-thumbnail-font to provide font previews. Eg:
+ Nautilus normally uses gnome-thumbnail-font, to provide font previews. Eg:
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/enable
true
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/command
gnome-thumbnail-font %u %o
If a flaw is discovered in a font library or Gnome and a user navigates
to a directory that has a malicious font file, gnome-tumbnail-font could
be used to execute arbitrary code, write out to files or leak
information. Providing an apparmor profile for gnome-thumbnail-font
would be a good step towards proactively protecting the user from this
sort of attack.
+
+ nautilus also use totem-video-thumbnail and evince-thumbnailer. evince-
+ thumbnailer has an apparmor profile already. For images, nautilus uses
+ gdk-pixbuf routines via gnome-desktop, but these can be altered to use
+ evince-thumbnailer by installing schema files for these images.
** Also affects: gnome-desktop (Ubuntu)
Importance: Undecided
Status: New
** Changed in: gnome-desktop (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: gnome-desktop (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/715874
Title:
gnome thumbnailers should have an apparmor profile
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
