CVE-2017-1000159

Priority
Medium
Description
Command injection in evince via filename when printing to PDF. This affects
versions earlier than 3.25.91.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:released (3.25.91)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (3.10.3-0ubuntu10.4)
Ubuntu 16.04 LTS (Xenial Xerus):released (3.18.2-1ubuntu4.3)
Ubuntu 17.04 (Zesty Zapus):released (3.24.0-0ubuntu1.3)
Ubuntu 17.10 (Artful Aardvark):not-affected (3.26.0-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.26.0-1)
Patches:
Upstream:https://git.gnome.org/browse/evince/commit/?id=350404c76dc8601e2cdd2636490e2afc83d3090e
Package
Source: atril (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.04 (Zesty Zapus):needed
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
More Information

Updated: 2017-12-15 20:18:02 UTC (commit 13913)