[SECURITY] [DLA 1031-1] evince security update

Tue, 18 Jul 2017 14:29:00 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : evince
Version        : 3.4.0-3.1+deb7u1
CVE ID         : CVE-2017-1000083
Debian Bug     : 868500

from the Google Security Team discovered that the Evince document
viewer made insecure use of tar when opening tar comic book archives
(CBT). Opening a malicious CBT archive could result in the execution
of arbitrary code. This update disables the CBT format entirely.

For Debian 7 "Wheezy", these problems have been fixed in version
3.4.0-3.1+deb7u1.

We recommend that you upgrade your evince packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAllufU4ACgkQnUbEiOQ2
gwKmbBAAoOwwUAUSRXaRK0wCjwN1AzfBGx46pUoaZDl5gLeq8xexTf14lWy7WSPi
mQd6tJoqD5zj5gEcNmRj6gnNU5OY8ETurTkYHobKjSpYAVi6nlmkaOP645S3weqz
MkCUDqOwoMJLJiERUi/kJnz5FNyf22npwlqjy9J/yybLUpnZtvfZFxhb69UeBY2U
ZSmnCRd4awt4C68+51vw0FlpKGZgUSLDB9oUVWXJTPVkNRk79JC14Pcf6YH2zxRE
06hSj5ING249hZjuZC6tpx+LT9+E+JnG9N0Qzck5Zi9ZqAWBK9lJW4zMXOyRKdig
aefpfMFB9P6nfA96HGOB5hGtjIuOwduKFCwoEesKmBM5rgJMUWup+Ts2HCbWQOoh
K9HAgQ/3jQLnGgPD2uPAHkszFS0vZ2FZ1GG94f9AJfs9leRACRy5Ph7cZd3AoZdX
NLN6p1BEIDoxBsPGO8byoYDbbAKlF4IoRBj6u6W30oOhb1IiZ7E9TcyeM8akoZB/
poo3ZLTk35QDTzClILRPYQym00RWU7MBpTiq3MDEl7TZCQe0GtHEJJs3vPKVKRx+
ZEi9spxjLCBQHHSNNfOj/nG+6CMsXCLYIN5fug9AOdJ51wlpZUs/zmDVNXCdomRM
SqD/Ii1FvdNWAoizbT8UBNRRf8o3JPJTBhJvPcnx/YJLpVdmj1A=
=mZ9u
-----END PGP SIGNATURE-----

Reply via email to