evince 3.22.1-4 source package in Debian
Changelog
evince (3.22.1-4) unstable; urgency=high
* d/p/comics-Remove-support-for-tar-and-tar-like-commands.patch:
Fix possible command injection vulnerability in CBT handler, this patch
removes handling of the CBT file format completely and evince now requires
unrar, unzip or 7z to open cbr, cbz or cb7 files (CVE-2017-1000083)
Discovered by Felix Wilhelm from the Google Security Team.
-- Laurent Bigonville <email address hidden> Thu, 13 Jul 2017 15:47:05 +0200
Upload details
- Uploaded by:
- Debian GNOME Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian GNOME Maintainers
- Architectures:
- any all
- Section:
- gnome
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| evince_3.22.1-4.dsc | 2.7 KiB | e022d6c61aa98bd0b497e90e7d048f532479824a7aa429432924a64aa492228e |
| evince_3.22.1.orig.tar.xz | 3.2 MiB | f3d439db3b5a5745d26175d615a71dffa1535235b1e3aa0b85d397ea33ab231c |
| evince_3.22.1-4.debian.tar.xz | 28.5 KiB | 2a838676422349b1e15d2bab199bbec31ced33a7f54b8b851b186e0ca3cd5ded |
No changes file available.
