evince security vulnerability
Kevin Oberman
rkoberman at gmail.com
Tue Jan 9 04:14:39 UTC 2018
On Mon, Jan 8, 2018 at 7:09 PM, Andrew Perry via freebsd-gnome <
freebsd-gnome at freebsd.org> wrote:
> g'day,
> I see that the evince 3.18 port has a vulnerability.
> https://vuxml.freebsd.org/freebsd/01a197ca-67f1-11e7-
> a266-28924a333806.html
>
> Is this likely to be updated at some stage? My apologies if you're already
> doing something about this, but I have a machine that has been whinging to
> me about it for a while now.
>
> regardsandrew
>
The same CVE for atril was fixed some time ago as the Mate folks backported
the fix to 1.18.1 while the evince fix only went into 3.20.1. Still, 3.20
might e a bit more tractable than 3.24, but still might not play with the
rest of Gnome 3.18. I run Mate, not gnome, so am not in a position to try a
backport to 3.18. The fix was to just disable the CBT tar capability and
remove the option, so it should be fairly do-able with the 3.20 fix as a
reference.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman at gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
More information about the freebsd-gnome
mailing list