| Summary: | <app-text/evince-3.24.2-r1: command injection via filename | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | gnome |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | B2 [glsa+ cve] | ||
| Package list: |
app-text/evince-3.24.2-r1
|
Runtime testing required: | --- |
|
Description
GLSAMaker/CVETool Bot
2018-03-12 12:42:46 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63261207cee6515e48676d60757afd9655a49ad6 commit 63261207cee6515e48676d60757afd9655a49ad6 Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2018-04-14 19:15:50 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2018-04-14 19:16:04 +0000 app-text/evince: Fix CVE-2017-1000159 Bug: https://bugs.gentoo.org/650272 Package-Manager: Portage-2.3.28, Repoman-2.3.9 app-text/evince/evince-3.24.2-r1.ebuild | 102 +++++++++++++++++++++ .../evince/files/3.24.2-CVE-2017-1000159.patch | 42 +++++++++ 2 files changed, 144 insertions(+)} The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b9a7713bf19a87b5fc57d6c63d7a45b4e95fadaa commit b9a7713bf19a87b5fc57d6c63d7a45b4e95fadaa Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2018-04-15 03:59:46 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2018-04-15 04:03:13 +0000 app-text/evince: amd64 stable Bug: https://bugs.gentoo.org/650272 Package-Manager: Portage-2.3.28, Repoman-2.3.9 app-text/evince/evince-3.24.2-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)} x86 stable cleanup done GLSA request filed. This issue was resolved and addressed in GLSA 201804-15 at https://security.gentoo.org/glsa/201804-15 by GLSA coordinator Aaron Bauman (b-man). |