CVE-2017-1000159

Priority
Medium
Description
Command injection in evince via filename when printing to PDF. This affects
versions earlier than 3.25.91.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:released (3.25.91)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (3.10.3-0ubuntu10.4)
Ubuntu 16.04 LTS (Xenial Xerus):released (3.18.2-1ubuntu4.3)
Ubuntu 17.10 (Artful Aardvark):not-affected (3.26.0-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.26.0-1)
Patches:
Upstream:https://git.gnome.org/browse/evince/commit/?id=350404c76dc8601e2cdd2636490e2afc83d3090e
Package
Source: atril (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1.12.2-1ubuntu0.3)
Ubuntu 17.10 (Artful Aardvark):released (1.18.1-1ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.20.1-0ubuntu1)
More Information

Updated: 2018-03-28 23:14:17 UTC (commit 14454)