*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers 
(mdeslaur):

Try copying a file with Nautilus that contains a single quote in its file name, 
and it will fail stating that the source file does not exist.
Copying the very same file from bash with cp works without a hitch, however.

Flagging as security just in case improper escaping might permit
injecting commands (untested).

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: nautilus 1:3.4.2-0ubuntu5
ProcVersionSignature: Ubuntu 3.2.0-32.51-generic 3.2.30
Uname: Linux 3.2.0-32-generic x86_64
NonfreeKernelModules: fglrx
ApportVersion: 2.0.1-0ubuntu14
Architecture: amd64
Date: Wed Nov 14 00:26:58 2012
GsettingsChanges:
 org.gnome.nautilus.window-state geometry '1139x893+601+75'
 org.gnome.nautilus.window-state sidebar-width 302
 org.gnome.nautilus.window-state start-with-status-bar true
ProcEnviron:
 LANGUAGE=de_DE:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: nautilus
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: nautilus (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug precise security
-- 
Nautilus cannot copy file names containing a single quote
https://bugs.launchpad.net/bugs/1078506
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
