Debian Bug report logs - #609534
CVE-2010-2640/CVE-2010-2641/CVE-2010-2642/CVE-2010-2643


Package: evince; Maintainer for evince is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for evince is src:evince.

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Mon, 10 Jan 2011 12:39:02 UTC

Severity: grave

Tags: security, squeeze-ignore

Fixed in version evince/2.30.3-2

Done: Josselin Mouette <joss@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#609534; Package evince. (Mon, 10 Jan 2011 12:39:05 GMT)

Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Mon, 10 Jan 2011 12:39:05 GMT)

Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-2640/CVE-2010-2641/CVE-2010-2642/CVE-2010-2643
Date: Mon, 10 Jan 2011 13:37:24 +0100
Package: evince
Severity: grave
Tags: security

Four security issues have been reported in Evince, details can
be found in the Red Hat bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2640
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2641
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2642
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2643

Patch:
http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2

Please upload an isolated fix with urgency medium to unstable 
to fix this in squeeze.

Cheers,
        Moritz




Added tag(s) squeeze-ignore. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Mon, 10 Jan 2011 13:27:03 GMT)

Reply sent to Josselin Mouette <joss@debian.org>:
You have taken responsibility. (Mon, 10 Jan 2011 19:36:08 GMT)

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Mon, 10 Jan 2011 19:36:08 GMT)

Message #12 received at 609534-close@bugs.debian.org:

From: Josselin Mouette <joss@debian.org>
To: 609534-close@bugs.debian.org
Subject: Bug#609534: fixed in evince 2.30.3-2
Date: Mon, 10 Jan 2011 19:32:14 +0000
Source: evince
Source-Version: 2.30.3-2

We believe that the bug you reported is fixed in the latest version of
evince, which is due to be installed in the Debian FTP archive:

evince-common_2.30.3-2_all.deb
  to main/e/evince/evince-common_2.30.3-2_all.deb
evince-dbg_2.30.3-2_amd64.deb
  to main/e/evince/evince-dbg_2.30.3-2_amd64.deb
evince-gtk_2.30.3-2_amd64.deb
  to main/e/evince/evince-gtk_2.30.3-2_amd64.deb
evince_2.30.3-2.debian.tar.gz
  to main/e/evince/evince_2.30.3-2.debian.tar.gz
evince_2.30.3-2.dsc
  to main/e/evince/evince_2.30.3-2.dsc
evince_2.30.3-2_amd64.deb
  to main/e/evince/evince_2.30.3-2_amd64.deb
gir1.0-evince-2.30_2.30.3-2_amd64.deb
  to main/e/evince/gir1.0-evince-2.30_2.30.3-2_amd64.deb
libevince-dev_2.30.3-2_amd64.deb
  to main/e/evince/libevince-dev_2.30.3-2_amd64.deb
libevince2_2.30.3-2_amd64.deb
  to main/e/evince/libevince2_2.30.3-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 609534@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Josselin Mouette <joss@debian.org> (supplier of updated evince package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 10 Jan 2011 19:03:57 +0100
Source: evince
Binary: evince evince-dbg evince-gtk evince-common libevince2 libevince-dev gir1.0-evince-2.30
Architecture: source all amd64
Version: 2.30.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Josselin Mouette <joss@debian.org>
Description: 
 evince     - Document (PostScript, PDF) viewer
 evince-common - Document (PostScript, PDF) viewer - common files
 evince-dbg - Document (PostScript, PDF) viewer - debugging symbols
 evince-gtk - Document (PostScript, PDF) viewer (GTK+ version)
 gir1.0-evince-2.30 - GObject introspection data for the libevince library
 libevince-dev - Document (PostScript, PDF) rendering library - development files
 libevince2 - Document (PostScript, PDF) rendering library
Closes: 591872 609534
Changes: 
 evince (2.30.3-2) unstable; urgency=medium
 .
   * Fix PostScript capitalization. Closes: #591872.
   * 01_dvi_security.patch: security fix from upstream git.
     CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and  CVE-2010-2643.
     Closes: #609534.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFNK1s8rSla4ddfhTMRAlXPAJ96myTdhVTvQDTpqnIme6XqXZ8syQCfazzY
o0RTIk++l2VPE7DFMgGA2k4=
=dlUC
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 07 Mar 2011 08:38:24 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 11:18:40 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.