+++ This bug was initially created as a clone of Bug #624876 +++ Evince 3.22.x, and newer versions are affected by a security hole with CBT backend. Upstream have decided to remove this backend to plug the security hole. See the following patch for Envice 3.22: https://git.gnome.org/browse/evince/commit/?h=gnome-3-22&id=fa072dbbfd964e85b4a54f8e34751cf62c77d0ea Reproducible: Always ## please see bug 624876 for details
atril upstream picked a different solution and dropped support for files containing "--checkpoint-action=", see https://github.com/mate-desktop/atril/commit/f4291fd62f7dfe6460d2406a979ccfac0c68dd59 Please bump to >=app-text/atril-1.19.1 or backport the fix.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/gentoo-mate.git/commit/?id=ced50dd61da2d434a71ec88f0fec8bd0d52b12e2 commit ced50dd61da2d434a71ec88f0fec8bd0d52b12e2 Author: NP-Hardass <NP-Hardass@gentoo.org> AuthorDate: 2018-02-23 20:19:06 +0000 Commit: NP-Hardass <NP-Hardass@gentoo.org> CommitDate: 2018-02-23 20:19:06 +0000 app-text/atril: Fix CVE-2017-1000083 Bug: https://bugs.gentoo.org/624880 Package-Manager: Portage-2.3.24, Repoman-2.3.6 ...ril-1.12.2-r4.ebuild => atril-1.12.2-r5.ebuild} | 4 +++- ...ril-1.14.2-r1.ebuild => atril-1.14.2-r2.ebuild} | 4 +++- ...ril-1.16.1-r1.ebuild => atril-1.16.1-r2.ebuild} | 4 +++- app-text/atril/files/atril-cve-2017-1000083.patch | 28 ++++++++++++++++++++++ 4 files changed, 37 insertions(+), 3 deletions(-)}
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50d9a00ce8479638672bc7938ce9dc388172a82f commit 50d9a00ce8479638672bc7938ce9dc388172a82f Author: NP-Hardass <NP-Hardass@gentoo.org> AuthorDate: 2018-02-23 20:19:06 +0000 Commit: NP-Hardass <NP-Hardass@gentoo.org> CommitDate: 2018-02-23 20:22:55 +0000 app-text/atril: Fix CVE-2017-1000083 Bug: https://bugs.gentoo.org/624880 Package-Manager: Portage-2.3.24, Repoman-2.3.6 ...ril-1.12.2-r4.ebuild => atril-1.12.2-r5.ebuild} | 4 +++- ...ril-1.14.2-r1.ebuild => atril-1.14.2-r2.ebuild} | 4 +++- ...ril-1.16.1-r1.ebuild => atril-1.16.1-r2.ebuild} | 4 +++- app-text/atril/files/atril-cve-2017-1000083.patch | 28 ++++++++++++++++++++++ 4 files changed, 37 insertions(+), 3 deletions(-)}
GLSA Vote: No! Stable keywords were preserved. Repository is clean, all done.