[SECURITY] [DLA 1204-1] evince security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : evince
Version : 3.4.0-3.1+deb7u2
CVE ID : CVE-2017-1000159
It was discovered that there was an arbitrary command injection in the
evince PDF viewer.
A specially-crafted embedded DVI filename could be exploited to run
commands as the current user when "printing" to PDF.
For Debian 7 "Wheezy", this issue has been fixed in evince version
3.4.0-3.1+deb7u2.
We recommend that you upgrade your evince packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlousAYACgkQHpU+J9Qx
HlgB3g//UMtn05O4FvtIfmgeRg/uLcFB0MDIabKklz9AMZncFfsvYiIuV1VNmrKJ
APPQ1o7nScflEQbNtgiLkYJHb6xesMhM0Jdgar35af3qjMvjSyxsZWXWzyudzulH
PCl8kF4bjqR7l5zXKtMntEbpAoB5J3hm18XN0K13J18f+RwDKnc+nSwTs+fLeVhJ
IIQsiYxirzHnaHJWC3H22hUNTBIYLioJK2s1a69jXqKqxvwZgu9eOHzH2JfBaa/L
s7MLuMCpMJIlOeFuaFmPFH8jqMB0SIeFxOlPO9mCOQ0yae9IR3PuZPDW1VVuRhvJ
aaS3B+g2wi68b5M1LYKqNuTjHYM6c0YUA2AA6d5511UVZUO2wudRMdUaikhBtsOB
Xu/oooVmK53EDC4+ooRH95mU0jgFLJ+nYNY001lDDHBudJLs3U6uTckdn8rq9HU9
XDg9i1yGM0cRz33TAiKQ/jmKjAWxmZCfZVdhMM+/6APKK28NzaY3WZY2zmyXAsO1
UeZSq7NBCCm0jHiY+JHUCS9ymL/xPRkhfmozlyamt8LN8IKmzaywE4q1EbrPXFX1
l4NS8WyYyzgXTm+JFsughj9MoUHJ5hh3mUiCatfVwFuEBprGnuY+JJCP/om+ywT4
RzqhHdYHJyg1JC88+YfieDvj/iLlyVlqFNk1un0L5OOX2D//Vq4=
=Hjrt
-----END PGP SIGNATURE-----
Reply to: