Bug#954891: okular: CVE-2020-9359: Local binary execution via action links
Source: okular
Version: 4:19.12.3-1
Severity: important
Tags: security upstream
Control: found -1 4:17.12.2-2.2
Control: found -1 4:16.08.2-1+deb9u1
Control: found -1 4:16.08.2-1
Hi,
The following vulnerability was published for okular.
CVE-2020-9359[0]:
| KDE Okular before 1.10.0 allows code execution via an action link in a
| PDF document.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-9359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9359
[1] https://kde.org/info/security/advisory-20200312-1.txt
[2] https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
Regards,
Salvatore
Reply to: