[SECURITY] [DLA 1204-1] evince security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1204-1] evince security update
From: Chris Lamb <lamby@debian.org>
Date: Mon, 11 Dec 2017 16:19:28 +0000
Message-id: <[🔎] 1513009168.3744231.1201279728.2796A5FA@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : evince
Version        : 3.4.0-3.1+deb7u2
CVE ID         : CVE-2017-1000159

It was discovered that there was an arbitrary command injection in the
evince PDF viewer.

A specially-crafted embedded DVI filename could be exploited to run
commands as the current user when "printing" to PDF.

For Debian 7 "Wheezy", this issue has been fixed in evince version
3.4.0-3.1+deb7u2.

We recommend that you upgrade your evince packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlousAYACgkQHpU+J9Qx
HlgB3g//UMtn05O4FvtIfmgeRg/uLcFB0MDIabKklz9AMZncFfsvYiIuV1VNmrKJ
APPQ1o7nScflEQbNtgiLkYJHb6xesMhM0Jdgar35af3qjMvjSyxsZWXWzyudzulH
PCl8kF4bjqR7l5zXKtMntEbpAoB5J3hm18XN0K13J18f+RwDKnc+nSwTs+fLeVhJ
IIQsiYxirzHnaHJWC3H22hUNTBIYLioJK2s1a69jXqKqxvwZgu9eOHzH2JfBaa/L
s7MLuMCpMJIlOeFuaFmPFH8jqMB0SIeFxOlPO9mCOQ0yae9IR3PuZPDW1VVuRhvJ
aaS3B+g2wi68b5M1LYKqNuTjHYM6c0YUA2AA6d5511UVZUO2wudRMdUaikhBtsOB
Xu/oooVmK53EDC4+ooRH95mU0jgFLJ+nYNY001lDDHBudJLs3U6uTckdn8rq9HU9
XDg9i1yGM0cRz33TAiKQ/jmKjAWxmZCfZVdhMM+/6APKK28NzaY3WZY2zmyXAsO1
UeZSq7NBCCm0jHiY+JHUCS9ymL/xPRkhfmozlyamt8LN8IKmzaywE4q1EbrPXFX1
l4NS8WyYyzgXTm+JFsughj9MoUHJ5hh3mUiCatfVwFuEBprGnuY+JJCP/om+ywT4
RzqhHdYHJyg1JC88+YfieDvj/iLlyVlqFNk1un0L5OOX2D//Vq4=
=Hjrt
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1203-1] xrdp security update
Next by Date: [SECURITY] [DLA 1205-1] simplesamlphp security update
Previous by thread: [SECURITY] [DLA 1203-1] xrdp security update
Next by thread: [SECURITY] [DLA 1205-1] simplesamlphp security update
Index(es):
- Date
- Thread