Debian Bug report logs -
#609534
CVE-2010-2640/CVE-2010-2641/CVE-2010-2642/CVE-2010-2643
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Mon, 10 Jan 2011 12:39:02 UTC
Severity: grave
Tags: security, squeeze-ignore
Fixed in version evince/2.30.3-2
Done: Josselin Mouette <joss@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#609534; Package evince.
(Mon, 10 Jan 2011 12:39:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>.
(Mon, 10 Jan 2011 12:39:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: evince
Severity: grave
Tags: security
Four security issues have been reported in Evince, details can
be found in the Red Hta bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2640
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2641
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2642
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2643
Patch:
http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2
Please upload an isolated fix with urgency medium to unstable
to fix this in squeeze.
Cheers,
Moritz
Added tag(s) squeeze-ignore.
Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk>
to control@bugs.debian.org.
(Mon, 10 Jan 2011 13:27:03 GMT) (full text, mbox, link).
Reply sent
to Josselin Mouette <joss@debian.org>:
You have taken responsibility.
(Mon, 10 Jan 2011 19:36:08 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer.
(Mon, 10 Jan 2011 19:36:08 GMT) (full text, mbox, link).
Message #12 received at 609534-close@bugs.debian.org (full text, mbox, reply):
Source: evince
Source-Version: 2.30.3-2
We believe that the bug you reported is fixed in the latest version of
evince, which is due to be installed in the Debian FTP archive:
evince-common_2.30.3-2_all.deb
to main/e/evince/evince-common_2.30.3-2_all.deb
evince-dbg_2.30.3-2_amd64.deb
to main/e/evince/evince-dbg_2.30.3-2_amd64.deb
evince-gtk_2.30.3-2_amd64.deb
to main/e/evince/evince-gtk_2.30.3-2_amd64.deb
evince_2.30.3-2.debian.tar.gz
to main/e/evince/evince_2.30.3-2.debian.tar.gz
evince_2.30.3-2.dsc
to main/e/evince/evince_2.30.3-2.dsc
evince_2.30.3-2_amd64.deb
to main/e/evince/evince_2.30.3-2_amd64.deb
gir1.0-evince-2.30_2.30.3-2_amd64.deb
to main/e/evince/gir1.0-evince-2.30_2.30.3-2_amd64.deb
libevince-dev_2.30.3-2_amd64.deb
to main/e/evince/libevince-dev_2.30.3-2_amd64.deb
libevince2_2.30.3-2_amd64.deb
to main/e/evince/libevince2_2.30.3-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 609534@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Josselin Mouette <joss@debian.org> (supplier of updated evince package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 10 Jan 2011 19:03:57 +0100
Source: evince
Binary: evince evince-dbg evince-gtk evince-common libevince2 libevince-dev gir1.0-evince-2.30
Architecture: source all amd64
Version: 2.30.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Josselin Mouette <joss@debian.org>
Description:
evince - Document (PostScript, PDF) viewer
evince-common - Document (PostScript, PDF) viewer - common files
evince-dbg - Document (PostScript, PDF) viewer - debugging symbols
evince-gtk - Document (PostScript, PDF) viewer (GTK+ version)
gir1.0-evince-2.30 - GObject introspection data for the libevince library
libevince-dev - Document (PostScript, PDF) rendering library - development files
libevince2 - Document (PostScript, PDF) rendering library
Closes: 591872 609534
Changes:
evince (2.30.3-2) unstable; urgency=medium
.
* Fix PostScript capitalization. Closes: #591872.
* 01_dvi_security.patch: security fix from upstream git.
CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643.
Closes: #609534.
Checksums-Sha1:
92e084ed313381aeb0e51f76f0392b8b3a69cbe6 1903 evince_2.30.3-2.dsc
c4d789c18ad10cc0f3a10ba4cb1d333f75d99112 23364 evince_2.30.3-2.debian.tar.gz
e1abc0ee6168a1b5e56f6d055886c733e4dea193 1493986 evince-common_2.30.3-2_all.deb
24a5381a1839e1bbb8899955025204bf8a8ab6d9 621578 evince_2.30.3-2_amd64.deb
f3ee53551af8cb582d6e90aae9c4186848f37c81 1592188 evince-dbg_2.30.3-2_amd64.deb
b6712fb4a1572062ab39536fdc5bd5c9d258d3f2 574658 evince-gtk_2.30.3-2_amd64.deb
6095b9f247da968338c834f9406fd2be650a94d0 716442 libevince2_2.30.3-2_amd64.deb
a43ed99b09d0f46481cdaef2a73ed8b39abb6e2b 771342 libevince-dev_2.30.3-2_amd64.deb
03bbd140e17e4a801a019b24deaad385c701c6dd 421912 gir1.0-evince-2.30_2.30.3-2_amd64.deb
Checksums-Sha256:
419400039b0c766746e069fec26d7e6ecfd0c0bdb392f73571a26db23cc469ae 1903 evince_2.30.3-2.dsc
aa5f3f111053e04da9200156bd8b022ea1410e1ff3804968199d0ae9c105a654 23364 evince_2.30.3-2.debian.tar.gz
85c6e4c4388acb117f34b471e816feb86a957f4ae7de5a8e0d26a1c64d1df2ce 1493986 evince-common_2.30.3-2_all.deb
d44c3779c1996e1ddff28c84fc077cb267ffe1addab72a93882059e54e4cef34 621578 evince_2.30.3-2_amd64.deb
0242890ae7527dbd02ebb44bb07ef1d14e9c16b224fd080e5943d3c8e83c721e 1592188 evince-dbg_2.30.3-2_amd64.deb
23baac7107a1adeee3184d9ed13e63b48ce9e8a5b8c7797bb0f0a3342311708a 574658 evince-gtk_2.30.3-2_amd64.deb
49dc5e8587e2ae98bf726a05e38f6b2a330cb0fe6748d49b3d8804df1ad690f7 716442 libevince2_2.30.3-2_amd64.deb
fbc45f29d4677d97756829d160076edb0bb5400bf460e8b254e20fe44c76f975 771342 libevince-dev_2.30.3-2_amd64.deb
f966a34785e22fd4d530ccd75fc91f51c76584959a5afbfdee12e0e7b6270417 421912 gir1.0-evince-2.30_2.30.3-2_amd64.deb
Files:
ff72df769cb8cca9f6c20d83cff4e1ab 1903 gnome optional evince_2.30.3-2.dsc
c15cbe4a39f223ca0a9d9dee45505658 23364 gnome optional evince_2.30.3-2.debian.tar.gz
85ad0fa3fbd755d48d1fad947c46d577 1493986 gnome optional evince-common_2.30.3-2_all.deb
145555de93405486cc9e9fd69bb62ffb 621578 gnome optional evince_2.30.3-2_amd64.deb
304e1d37cb98e6b2d3e04753b605e5a3 1592188 debug extra evince-dbg_2.30.3-2_amd64.deb
b67d3e32673e9ab68e60acdd540feaf6 574658 x11 optional evince-gtk_2.30.3-2_amd64.deb
3251c709bdc196b4a0d4a82597de9df8 716442 libs optional libevince2_2.30.3-2_amd64.deb
16945bf1b22e6d90fc69ee77eb128f43 771342 libdevel optional libevince-dev_2.30.3-2_amd64.deb
1527eb8c75eac67f679ada683c76a57d 421912 libs optional gir1.0-evince-2.30_2.30.3-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFNK1s8rSla4ddfhTMRAlXPAJ96myTdhVTvQDTpqnIme6XqXZ8syQCfazzY
o0RTIk++l2VPE7DFMgGA2k4=
=dlUC
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 07 Mar 2011 08:38:24 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:51:32 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon