author | Salvatore Bonaccorso <carnil@debian.org> | 2020-02-15 00:02:01 +0100
---|---|---
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-02-15 00:02:01 +0100
commit | 8be684d647389ee3db99d941206fa9b5cbef2621 |
tree | 8cc881ac17dc9b0c6aa9847168c66bdd9ab418d0 |
parent | c9c2d2e38585e9543c3a18d216108df0846c9a73 |
[DSA 4624-1] evince security update
-rw-r--r-- | english/security/2020/dsa-4624.data | 13
-rw-r--r-- | english/security/2020/dsa-4624.wml | 45
2 files changed, 58 insertions, 0 deletions
diff --git a/english/security/2020/dsa-4624.data b/english/security/2020/dsa-4624.data new file mode 100644 index 00000000000..6bd6157615a --- /dev/null +++ b/english/security/2020/dsa-4624.data @@ -0,0 +1,13 @@ +<define-tag pagetitle>DSA-4624-1 evince</define-tag> +<define-tag report_date>2020-2-14</define-tag> +<define-tag secrefs>CVE-2017-1000159 CVE-2019-11459 CVE-2019-1010006 Bug#927820</define-tag> +<define-tag packages>evince</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + + + +</dl> diff --git a/english/security/2020/dsa-4624.wml b/english/security/2020/dsa-4624.wml new file mode 100644 index 00000000000..25a52b80bde --- /dev/null +++ b/english/security/2020/dsa-4624.wml 
@@ -0,0 +1,45 @@ +<define-tag description>security update</define-tag> +<define-tag moreinfo> +<p>Several vulnerabilities were discovered in evince, a simple multi-page +document viewer.</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-1000159">CVE-2017-1000159</a> + + <p>Tobias Mueller reported that the DVI exporter in evince is + susceptible to a command injection vulnerability via specially + crafted filenames.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-11459">CVE-2019-11459</a> + + <p>Andy Nguyen reported that the tiff_document_render() and + tiff_document_get_thumbnail() functions in the TIFF document backend + did not handle errors from TIFFReadRGBAImageOriented(), leading to + disclosure of uninitialized memory when processing TIFF image files.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-1010006">CVE-2019-1010006</a> + + <p>A buffer overflow vulnerability in the tiff backend could lead to + denial of service, or potentially the execution of arbitrary code if + a specially crafted PDF file is opened.</p></li> + +</ul> + +<p>For the oldstable distribution (stretch), these problems have been fixed +in version 3.22.1-3+deb9u2.</p> + +<p>For the stable distribution (buster), these problems have been fixed in +version 3.30.2-3+deb10u1. The stable distribution is only affected by +<a href="https://security-tracker.debian.org/tracker/CVE-2019-11459">CVE-2019-11459</a>.</p> + +<p>We recommend that you upgrade your evince packages.</p> + +<p>For the detailed security status of evince please refer to its security +tracker page at: +<a href="https://security-tracker.debian.org/tracker/evince">https://security-tracker.debian.org/tracker/evince</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2020/dsa-4624.data" +# $Id: $ |
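Review bot: In dsa-4624.wml, the CVE-2019-1010006 entry places the overflow in "the tiff backend" but names "a specially crafted PDF file" as the trigger, while the CVE-2019-11459 entry just above ties the same backend to "TIFF image files". A reader triaging exposure cannot tell from this which file type needs to be treated as untrusted input. If the wording is carried over from the upstream CVE description, say so, or describe the trigger as a crafted file handled by the TIFF backend. Also capitalise "TIFF" here to match the earlier entry. Separately, the note that stable is only affected by CVE-2019-11459 comes after the buster version number; stating in the stretch paragraph that all three issues apply there would make the per-release scope explicit rather than inferred.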