Summary: | <app-text/atril-1.12.2-r5: Command injection vulnerability in CBT handler | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | mate |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.gnome.org/show_bug.cgi?id=784630 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 624882 | | |
Description
Kristian Fiskerstrand (RETIRED)
2017-07-13 16:55:36 UTC
atril upstream picked a different solution and dropped support for files containing "--checkpoint-action=", see https://github.com/mate-desktop/atril/commit/f4291fd62f7dfe6460d2406a979ccfac0c68dd59

Please bump to >=app-text/atril-1.19.1 or backport the fix.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/gentoo-mate.git/commit/?id=ced50dd61da2d434a71ec88f0fec8bd0d52b12e2

commit ced50dd61da2d434a71ec88f0fec8bd0d52b12e2
Author: NP-Hardass <NP-Hardass@gentoo.org>
AuthorDate: 2018-02-23 20:19:06 +0000
Commit: NP-Hardass <NP-Hardass@gentoo.org>
CommitDate: 2018-02-23 20:19:06 +0000

    app-text/atril: Fix CVE-2017-1000083

    Bug: https://bugs.gentoo.org/624880
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 ...ril-1.12.2-r4.ebuild => atril-1.12.2-r5.ebuild} | 4 +++-
 ...ril-1.14.2-r1.ebuild => atril-1.14.2-r2.ebuild} | 4 +++-
 ...ril-1.16.1-r1.ebuild => atril-1.16.1-r2.ebuild} | 4 +++-
 app-text/atril/files/atril-cve-2017-1000083.patch | 28 ++++++++++++++++++++++
 4 files changed, 37 insertions(+), 3 deletions(-)}

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50d9a00ce8479638672bc7938ce9dc388172a82f

commit 50d9a00ce8479638672bc7938ce9dc388172a82f
Author: NP-Hardass <NP-Hardass@gentoo.org>
AuthorDate: 2018-02-23 20:19:06 +0000
Commit: NP-Hardass <NP-Hardass@gentoo.org>
CommitDate: 2018-02-23 20:22:55 +0000

    app-text/atril: Fix CVE-2017-1000083

    Bug: https://bugs.gentoo.org/624880
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 ...ril-1.12.2-r4.ebuild => atril-1.12.2-r5.ebuild} | 4 +++-
 ...ril-1.14.2-r1.ebuild => atril-1.14.2-r2.ebuild} | 4 +++-
 ...ril-1.16.1-r1.ebuild => atril-1.16.1-r2.ebuild} | 4 +++-
 app-text/atril/files/atril-cve-2017-1000083.patch | 28 ++++++++++++++++++++++
 4 files changed, 37 insertions(+), 3 deletions(-)}

GLSA Vote: No!

Stable keywords were preserved. Repository is clean, all done.