From owner-freebsd-gnome@freebsd.org Tue Jan 9 04:14:39 2018 Return-Path: Delivered-To: freebsd-gnome@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A19E0E5BCEB for ; Tue, 9 Jan 2018 04:14:39 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 7C21C68138 for ; Tue, 9 Jan 2018 04:14:39 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 784B9E5BCEA; Tue, 9 Jan 2018 04:14:39 +0000 (UTC) Delivered-To: gnome@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 77F20E5BCE8 for ; Tue, 9 Jan 2018 04:14:39 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mail-ua0-x22e.google.com (mail-ua0-x22e.google.com [IPv6:2607:f8b0:400c:c08::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 45A8D68137 for ; Tue, 9 Jan 2018 04:14:39 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: by mail-ua0-x22e.google.com with SMTP id z47so3592250uac.0 for ; Mon, 08 Jan 2018 20:14:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=/FQm6YAsPlZ6hK1fB3j6xtWz+HEXss9xq9Vdr5MVF0Q=; b=ZwzUFm11sQ7XynH5zYOF0xzxsH462kvUiGke6jbAhQrWz2QN9il8sk28Nv2BKnaI2E n+wbBhvBTFbhf+69l4RlZeaLHR8n8R3tO5KpWC7UmakERwDnTmTWpjc8wYHsTo+Kj8Qo +mZIrYwrdyO3ADW2i1XDjb52MGJLq3oEIs/SlM2Ts7+xYJQYVrTQMY8LMmE+0pLDiY3R 0AYWtKY2WSXxMqttAF86Nf/LCzGxMhP2bzAJ5lOq0BnQQnHxNDpLZTOKjwIgYF4PxJ4O vdgyHZaOYnb8r//+EfngtqJ0OVOd06qD9+ZJc+ORU7898GhOfqePydtNxiH6YMMl38QQ MjIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=/FQm6YAsPlZ6hK1fB3j6xtWz+HEXss9xq9Vdr5MVF0Q=; b=ra6CQAkHYf8FtwJ0bVM6sJ29BGVC0AfNdNp65PLul6yw6qCchTC8OyPe3pScnDs28c Sp1il2x6iYQUEbhuWnoC3Bwl23LPkkN3ENmzsVB6kZHYOBvIhg1KLt/plpmrPuHtzyLj tQjOLRkONR5Qjkc8eqtOlaM/NsphgjtjV7yVR+xd0goxU0TsFPatfIB3y4L6h+A2SeCN ePVbTT8A/U4r8//bBSihyJ7aNU6Q5XSVIvEZAQ6J1f0KXHDXuCOFX+xK8/Loqm0Qeiat NQN7Av9SAdGS+P2O2jPxUSOeXf/GgyJ+GW7v7+r3+BmdVYKr5/XQXBxjngWVyN9jEJKL ha+w== X-Gm-Message-State: AKwxytdU8/QBIqtGiJUUwfokaQKpQOd4rYDQnP0Vne4BQIgPQnyRNOJN Bsyb4zpKsyEhIcY4xO9KsD2y2YnJnwgNubbb5Sw= X-Google-Smtp-Source: ACJfBos6BkIFS+mjZir4+n27hu06LoTUfsIz1Nc98Bhbjajy0y4GCXYvJA6Jc7tXefWrVE/caUfz634pwucpafVuj5c= X-Received: by 10.176.17.203 with SMTP id q11mr7089313uac.41.1515471278124; Mon, 08 Jan 2018 20:14:38 -0800 (PST) MIME-Version: 1.0 Sender: kob6558@gmail.com Received: by 10.103.88.93 with HTTP; Mon, 8 Jan 2018 20:14:37 -0800 (PST) In-Reply-To: <2132935482.3033796.1515467397872@mail.yahoo.com> References: <2132935482.3033796.1515467397872.ref@mail.yahoo.com> <2132935482.3033796.1515467397872@mail.yahoo.com> From: Kevin Oberman Date: Mon, 8 Jan 2018 20:14:37 -0800 X-Google-Sender-Auth: u00-xQsSzOOTj64GDLdq-Wvju0M Message-ID: Subject: Re: evince security vulnerability To: Andrew Perry Cc: "gnome@FreeBSD.org" Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-gnome@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: GNOME for FreeBSD -- porting and maintaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jan 2018 04:14:39 -0000 On Mon, Jan 8, 2018 at 7:09 PM, Andrew Perry via freebsd-gnome < freebsd-gnome@freebsd.org> wrote: > g'day, > I see that the evince 3.18 port has a vulnerability. > https://vuxml.freebsd.org/freebsd/01a197ca-67f1-11e7- > a266-28924a333806.html > > Is this likely to be updated at some stage? My apologies if you're already > doing something about this, but I have a machine that has been whinging to > me about it for a while now. > > regardsandrew > The same CVE for atril was fixed some time ago as the Mate folks backported the fix to 1.18.1 while the evince fix only went into 3.20.1. Still, 3.20 might e a bit more tractable than 3.24, but still might not play with the rest of Gnome 3.18. I run Mate, not gnome, so am not in a position to try a backport to 3.18. The fix was to just disable the CBT tar capability and remove the option, so it should be fairly do-able with the 3.20 fix as a reference. -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683