-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : evince Version : 3.4.0-3.1+deb7u2 CVE ID : CVE-2017-1000159
It was discovered that there was an arbitrary command injection in the evince PDF viewer. A specially-crafted embedded DVI filename could be exploited to run commands as the current user when "printing" to PDF. For Debian 7 "Wheezy", this issue has been fixed in evince version 3.4.0-3.1+deb7u2. We recommend that you upgrade your evince packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlousAYACgkQHpU+J9Qx HlgB3g//UMtn05O4FvtIfmgeRg/uLcFB0MDIabKklz9AMZncFfsvYiIuV1VNmrKJ APPQ1o7nScflEQbNtgiLkYJHb6xesMhM0Jdgar35af3qjMvjSyxsZWXWzyudzulH PCl8kF4bjqR7l5zXKtMntEbpAoB5J3hm18XN0K13J18f+RwDKnc+nSwTs+fLeVhJ IIQsiYxirzHnaHJWC3H22hUNTBIYLioJK2s1a69jXqKqxvwZgu9eOHzH2JfBaa/L s7MLuMCpMJIlOeFuaFmPFH8jqMB0SIeFxOlPO9mCOQ0yae9IR3PuZPDW1VVuRhvJ aaS3B+g2wi68b5M1LYKqNuTjHYM6c0YUA2AA6d5511UVZUO2wudRMdUaikhBtsOB Xu/oooVmK53EDC4+ooRH95mU0jgFLJ+nYNY001lDDHBudJLs3U6uTckdn8rq9HU9 XDg9i1yGM0cRz33TAiKQ/jmKjAWxmZCfZVdhMM+/6APKK28NzaY3WZY2zmyXAsO1 UeZSq7NBCCm0jHiY+JHUCS9ymL/xPRkhfmozlyamt8LN8IKmzaywE4q1EbrPXFX1 l4NS8WyYyzgXTm+JFsughj9MoUHJ5hh3mUiCatfVwFuEBprGnuY+JJCP/om+ywT4 RzqhHdYHJyg1JC88+YfieDvj/iLlyVlqFNk1un0L5OOX2D//Vq4= =Hjrt -----END PGP SIGNATURE-----