openjdk team mailing list archive

[Kees Cook <kees@xxxxxxxxxx>]

Public bug reported:

Binary package hint: nautilus

Following the ratification of the "Execute-Permission Bit Required" security policy, several packages need to have their mime handlers updated to reject opening of various file types that are actually executables when they lack the execute bit.
https://wiki.ubuntu.com/SecurityTeam/Policies#Execute-Permission%20Bit%20Required

** Affects: nautilus (Ubuntu)
     Importance: High
         Status: Confirmed

** Affects: openjdk-6 (Ubuntu)
     Importance: High
         Status: Confirmed

** Affects: sun-java6 (Ubuntu)
     Importance: High
         Status: Confirmed

** Affects: wine (Ubuntu)
     Importance: High
         Status: Confirmed

** Also affects: sun-java6 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: openjdk-6 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: wine (Ubuntu)
   Importance: Undecided
       Status: New

-- 
needs to block non-executable files from executing
https://bugs.launchpad.net/bugs/506702
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.

Status in “nautilus” package in Ubuntu: Confirmed
Status in “openjdk-6” package in Ubuntu: Confirmed
Status in “sun-java6” package in Ubuntu: Confirmed
Status in “wine” package in Ubuntu: Confirmed

Bug description:
Binary package hint: nautilus

Following the ratification of the "Execute-Permission Bit Required" security policy, several packages need to have their mime handlers updated to reject opening of various file types that are actually executables when they lack the execute bit.
https://wiki.ubuntu.com/SecurityTeam/Policies#Execute-Permission%20Bit%20Required