[Secure-testing-team] Bug#720118: cinnamon: silently installs a plugin into browsers
Christoph Anton Mitterer
calestyo at scientia.net
Sun Aug 18 21:47:27 UTC 2013
Package: cinnamon
Version: 1.7.4-2.1
Severity: important
Tags: security
Hi.
For the same (security) reasons discussed in #660311, cinnamon shouldn't
as well install any browser plugins per default into the user's browsers
when these could lead to untrusted code (i.e. not from the Debian archive)
being installed.
The proper solution IMHO, would be to put that plugin into a separate
package, that cinnamon Suggests.
Cheers,
Chris.
PS: Yeah I know that the GNOME (deb) maintainers ignore the request away,
but I guess this is like GNOME vs. Cinnamon - force vs. freedom, so I guess
you don't have to follow their example ;-)
More information about the Secure-testing-team
mailing list