This bug was fixed in the package atril - 1.12.2-1ubuntu0.3 --------------- atril (1.12.2-1ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: Arbitrary command injection via DVI filename injection when printing to PDF (LP: #1759069). - fix-CVE-2017-1000159.patch - CVE-2017-1000159 -- Simon Quigley <tsimo...@ubuntu.com> Mon, 26 Mar 2018 18:29:46 -0500 ** Changed in: atril (Ubuntu Xenial) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1759069 Title: [CVE] Arbitrary command injection via DVI filename injection when printing to PDF Status in atril package in Ubuntu: Fix Released Status in atril source package in Xenial: Fix Released Status in atril source package in Artful: Fix Released Bug description: Command injection in Evince via filename when printing to PDF is possible. This also affects Atril, which is a fork of Evince. Here's the patch in Atril: https://github.com/mate- desktop/atril/commit/4650fb05e46e144be986a11a666a47add39b3799 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/atril/+bug/1759069/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp