Date: Mon, 8 Jan 2018 20:14:37 -0800 From: Kevin Oberman <rkoberman@gmail.com> To: Andrew Perry <pez_098@yahoo.com> Cc: "gnome@FreeBSD.org" <gnome@freebsd.org> Subject: Re: evince security vulnerability Message-ID: <CAN6yY1v4Kk03dbHUvFam0ZpK8rZ%2B7vdsHSiUyr6Y1cNLBomnmg@mail.gmail.com> In-Reply-To: <2132935482.3033796.1515467397872@mail.yahoo.com> References: <2132935482.3033796.1515467397872.ref@mail.yahoo.com> <2132935482.3033796.1515467397872@mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 8, 2018 at 7:09 PM, Andrew Perry via freebsd-gnome < freebsd-gnome@freebsd.org> wrote: > g'day, > I see that the evince 3.18 port has a vulnerability. > https://vuxml.freebsd.org/freebsd/01a197ca-67f1-11e7- > a266-28924a333806.html > > Is this likely to be updated at some stage? My apologies if you're already > doing something about this, but I have a machine that has been whinging to > me about it for a while now. > > regardsandrew > The same CVE for atril was fixed some time ago as the Mate folks backported the fix to 1.18.1 while the evince fix only went into 3.20.1. Still, 3.20 might e a bit more tractable than 3.24, but still might not play with the rest of Gnome 3.18. I run Mate, not gnome, so am not in a position to try a backport to 3.18. The fix was to just disable the CBT tar capability and remove the option, so it should be fairly do-able with the 3.20 fix as a reference. -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1v4Kk03dbHUvFam0ZpK8rZ%2B7vdsHSiUyr6Y1cNLBomnmg>