[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1204-1] evince security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : evince
Version        : 3.4.0-3.1+deb7u2
CVE ID         : CVE-2017-1000159

It was discovered that there was an arbitrary command injection in the
evince PDF viewer.

A specially-crafted embedded DVI filename could be exploited to run
commands as the current user when "printing" to PDF.

For Debian 7 "Wheezy", this issue has been fixed in evince version
3.4.0-3.1+deb7u2.

We recommend that you upgrade your evince packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlousAYACgkQHpU+J9Qx
HlgB3g//UMtn05O4FvtIfmgeRg/uLcFB0MDIabKklz9AMZncFfsvYiIuV1VNmrKJ
APPQ1o7nScflEQbNtgiLkYJHb6xesMhM0Jdgar35af3qjMvjSyxsZWXWzyudzulH
PCl8kF4bjqR7l5zXKtMntEbpAoB5J3hm18XN0K13J18f+RwDKnc+nSwTs+fLeVhJ
IIQsiYxirzHnaHJWC3H22hUNTBIYLioJK2s1a69jXqKqxvwZgu9eOHzH2JfBaa/L
s7MLuMCpMJIlOeFuaFmPFH8jqMB0SIeFxOlPO9mCOQ0yae9IR3PuZPDW1VVuRhvJ
aaS3B+g2wi68b5M1LYKqNuTjHYM6c0YUA2AA6d5511UVZUO2wudRMdUaikhBtsOB
Xu/oooVmK53EDC4+ooRH95mU0jgFLJ+nYNY001lDDHBudJLs3U6uTckdn8rq9HU9
XDg9i1yGM0cRz33TAiKQ/jmKjAWxmZCfZVdhMM+/6APKK28NzaY3WZY2zmyXAsO1
UeZSq7NBCCm0jHiY+JHUCS9ymL/xPRkhfmozlyamt8LN8IKmzaywE4q1EbrPXFX1
l4NS8WyYyzgXTm+JFsughj9MoUHJ5hh3mUiCatfVwFuEBprGnuY+JJCP/om+ywT4
RzqhHdYHJyg1JC88+YfieDvj/iLlyVlqFNk1un0L5OOX2D//Vq4=
=Hjrt
-----END PGP SIGNATURE-----


Reply to: