group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1759069] Re: [CVE] Arbitrary command injection via DVI filename injection when printing to PDF

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1759069@xxxxxxxxxxxxxxxxxx>
Date: Wed, 28 Mar 2018 21:40:55 -0000
Reply-to: Bug 1759069 <1759069@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package atril - 1.18.1-1ubuntu0.1

---------------
atril (1.18.1-1ubuntu0.1) artful-security; urgency=medium

  * SECURITY UPDATE: Arbitrary command injection via DVI filename injection
    when printing to PDF (LP: #1759069).
    - fix-CVE-2017-1000159.patch
    - CVE-2017-1000159

 -- Simon Quigley <tsimonq2@xxxxxxxxxx>  Mon, 26 Mar 2018 18:35:16 -0500

** Changed in: atril (Ubuntu Artful)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1759069

Title:
  [CVE] Arbitrary command injection via DVI filename injection when
  printing to PDF

Status in atril package in Ubuntu:
  Fix Released
Status in atril source package in Xenial:
  Fix Released
Status in atril source package in Artful:
  Fix Released

Bug description:
  Command injection in Evince via filename when printing to PDF is
  possible. This also affects Atril, which is a fork of Evince.

  Here's the patch in Atril: https://github.com/mate-
  desktop/atril/commit/4650fb05e46e144be986a11a666a47add39b3799

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/atril/+bug/1759069/+subscriptions

References

[Bug 1759069] [NEW] [CVE] Arbitrary command injection via DVI filename injection when printing to PDF
From: Simon Quigley, 2018-03-26