[Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-51698

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 13 16:39:15 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19fa214b by Salvatore Bonaccorso at 2024-01-13T17:37:26+01:00
Update information on CVE-2023-51698

For reviewers, need to check that the assessment for evince is complete.
The commit referenced is the one porting to use libarchive for
unarchiving. Atril apparently did not move to that until the recent
upstream commit.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59,9 +59,10 @@ CVE-2023-51804 (An issue in rymcu forest v.0.02 allows a remote attacker to obta
 	NOT-FOR-US: rymcu forest
 CVE-2023-51698 (Atril is a simple multi-page document viewer. Atril is vulnerable to a ...)
 	- atril <unfixed>
-	- evince <undetermined>
+	- evince 3.25.92-1
 	NOTE: https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2
-	NOTE: https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed
+	NOTE: Fixed by: https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/evince/commit/7b5ad18399b04cbfce02730d28baf30e9fc35b58 (3.25.4)
 CVE-2023-51071 (An access control issue in QStar Archive Solutions Release RELEASE_3-0 ...)
 	NOT-FOR-US: QStar Archive Solutions Release
 CVE-2023-51070 (An access control issue in QStar Archive Solutions Release RELEASE_3-0 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19fa214b122a6a43ad6d6b67cc92af6180f2a58b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19fa214b122a6a43ad6d6b67cc92af6180f2a58b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240113/51ed4e2c/attachment.htm>


More information about the debian-security-tracker-commits mailing list