[SECURITY] [DLA 1881-1] evince security update
Package : evince
Version : 3.14.1-2+deb8u3
CVE ID : CVE-2017-1000159 CVE-2019-11459 CVE-2019-1010006
A few issues were found in the Evince document viewer.
CVE-2017-1000159
When printing from DVI to PDF, the dvipdfm tool was called without
properly sanitizing the filename, which could lead to a command
injection attack via the filename.
CVE-2019-11459
The tiff_document_render() and tiff_document_get_thumbnail()
functions did not check the status of TIFFReadRGBAImageOriented(),
leading to uninitialized memory access if that function fails.
CVE-2019-1010006
Some buffer overflow checks were not properly done, leading to
application crash or possibly arbitrary code execution when
opening maliciously crafted files.
For Debian 8 "Jessie", these problems have been fixed in version
3.14.1-2+deb8u3.
We recommend that you upgrade your evince packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
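The filename handling behind CVE-2017-1000159, shown as an added example (not code from evince or from this advisory): one way to quote a file name so a POSIX shell treats it as a single word before it is placed in a converter command line. The helper names shell_quote() and build_command() and the "-o" argument layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Quote s as one POSIX-shell word: wrap it in single quotes and rewrite each
 * embedded ' as '\'' (close quote, escaped quote, reopen). Caller frees. */
char *shell_quote(const char *s)
{
    size_t n = 3;                               /* two quotes + NUL */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n), *q = out;
    if (!out) return NULL;
    *q++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(q, "'\\''", 4); q += 4; }
        else *q++ = *p;
    }
    *q++ = '\'';
    *q = '\0';
    return out;
}

/* Build "<tool> -o <out> <in>" with both file names quoted. The tool string
 * is trusted and fixed by the caller; only the file names are untrusted.
 * The argument layout is an assumption for this example. Caller frees. */
char *build_command(const char *tool, const char *out_pdf, const char *in_dvi)
{
    char *qo = shell_quote(out_pdf), *qi = shell_quote(in_dvi), *cmd = NULL;
    if (qo && qi) {
        size_t n = strlen(tool) + strlen(qo) + strlen(qi) + 6; /* " -o ", " ", NUL */
        cmd = malloc(n);
        if (cmd)
            snprintf(cmd, n, "%s -o %s %s", tool, qo, qi);
    }
    free(qo);
    free(qi);
    return cmd;
}

int main(void)
{
    /* Constructed file name; printf stands in for the converter and prints
     * each argument it receives on its own line. */
    char *cmd = build_command("printf '[%s]\\n'", "out.pdf", "my doc's; $(x).dvi");
    if (!cmd) return 1;
    puts(cmd);
    int rc = system(cmd);
    free(cmd);
    return rc != 0;
}
```

Where the caller can hand the program an argument vector (execvp, posix_spawn) instead of a command string, no shell is involved and no quoting is needed.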