-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 12 Feb 2020 21:32:58 +0100 Source: evince Architecture: source Version: 3.22.1-3+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 927820 Changes: evince (3.22.1-3+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * dvi: Mitigate command injection attacks by quoting filename (CVE-2017-1000159) * Fix overflow checks in tiff backend (CVE-2019-1010006) * Remove unused configure check for cairo_format_stride_for_width (CVE-2019-1010006) * tiff: Handle failure from TIFFReadRGBAImageOriented (CVE-2019-11459) (Closes: #927820) Checksums-Sha1: 54c71e90cfa934d365f56fbd79cda67fa1a62116 3317 evince_3.22.1-3+deb9u2.dsc ee575a966b8bb6bfa45538a3ecdc99d084c18f98 30696 evince_3.22.1-3+deb9u2.debian.tar.xz f4754819c352676be65ae3e18c116688c95901f5 6625 evince_3.22.1-3+deb9u2_source.buildinfo Checksums-Sha256: 0341e67759a44feb73c92da5c246428d1536a1b37e5df7aa58ea9bb83417b102 3317 evince_3.22.1-3+deb9u2.dsc a94fc3600dee0f51cda70ede100c46081cf745de40167b8c540a8ec676f6a9af 30696 evince_3.22.1-3+deb9u2.debian.tar.xz f4dd0813fe4fdf4dcf10cf9339fb457d153a9be106771eccbd4102d473da246c 6625 evince_3.22.1-3+deb9u2_source.buildinfo Files: c076347d5611f9f6c5da932460acb6ee 3317 gnome optional evince_3.22.1-3+deb9u2.dsc d705644613664c7734ce29f84d5e8b02 30696 gnome optional evince_3.22.1-3+deb9u2.debian.tar.xz 9d6157f36fccd834c4edb1cf5268235a 6625 gnome optional evince_3.22.1-3+deb9u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl5GlcBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EEl0QAIgEdI5BJ+pc3n9uI4GeSp00cZBRt9OW OuzRnDnara8kgew+cypjbseU/hfZ1B8ZH6yaIhgRBPUDi+gW7mlXQTs0TyB/Mg9u k6bTFRScbcfCVidkUA7yYzVYe0ALfQcWjlfZMYV+3kE+O/mM8LfkZz+AXtejdfy3 q4GQyhlox2vjDITMz5ED28NyOW4msx9owByKMzR/KIg8lo3hdTLtEB56B6vI4mhB S8XESBJ4aJYeS/xWbpfZP5qK/9b+rd6SqI60rHULEdU6HR8g2w71SlPpX6WwDzGW woWbwdGmeBX2Da6pq0RegmVgPUgfR16spMnN5X0mSpwlcCMiD/Kzu13oO7FD4u+u 4+rPmxk+rKRLH8uF/FBzVvzWnc2tulmrJ4NIArsjlJyEsBsxu0/4CgAwA5rdLQeP C36x1NmISM7wrJ3jCMv62Os1Ujr847R/RJHvspLNbcftDGlU0OamkhmtkRYUMCxg 9f8+amRpUpA3BYFvvd6EZmiHTTnfchQhWqVpKCot8jFKV087x0stvvsXdbH2q8uw r57Zgd5XW41JkhH/xX+aYsnjO/730QfBK9uzEw96OJcEQqg0HR8oaS5XYcL38wkC NygM8VEQ6pjhUtIFaV2lLeCEckwBTEAH02HUd24HKRTF+LDfr6D2gmLNNL/3x5eq BHaZCVRLoV/u =K9qS -----END PGP SIGNATURE-----