2017-04-13 19:40:02 UTC
There is a bug in Nautilus that makes it possible to disguise a
malicious script as an innocent document, like a PDF or ODT, that gets
executed when the user opens it.
The upstream nautilus issue  has already been resolved, and will be
released in nautilus 3.24. But since this is an important security
issue, I think this patch should be backported so that it's fixed in
older versions of Debian.
See this blog post  for more about how this bug allows attackers to
compromise the security-focused Debian-based distro Subgraph.