evince (2.30.3-0ubuntu1.2) lucid-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via multiple dvi backend
overflows
- debian/patches/02_CVE-2010-264x.patch: add bounds checking in
backend/dvi/mdvi-lib/{afmparse,dviread,pk,tfmfile,vf}.c.
- CVE-2010-2640
-
git-core (1:1.7.0.4-1ubuntu0.2) lucid-security; urgency=low
* SECURITY UPDATE: gitweb cross-site scripting vulnerability
- debian/diff/0034-gitweb-Introduce-esc_attr...diff:
from upstream: gitweb: do not parrot filenames or other arguments
given in a request without proper