it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5688-1] atril security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5688-1] atril security update
Date: Sun, 12 May 2024 13:20:47 +0000
List-archive: https://lists.debian.org/msgid-search/ZkDCL64I+GLVwGe3 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=Cbp1wZDzYxu1oPk9OG+TD27RQkbkWQ45YYjWnmdcZac=; b=kw CoZjZ/WZp5GfhpQcYBVEMA2Uxg9+lJqrCbMn7yR/9zs3nP6mgg+iP1YuC2fmX5q/SNMiJgsCBzw/M gxwEAEkum70tTQIuJtU3Y0dPxzsvcvHiUY6b1ctvTBB7n+8taEC+pO+axvvPi/aLCcOyJU4xsncWT bckKy+bnM21a+wsr/SAqxwD2+JZalqJkQJd48gZGvXISVyJ7o5D/3faEe07axnI+2xaZT8THLRfTW jpW8talcdQZUM3uPKlc5/l6X3onSA2RdUfC9W2PRcreYWNgkoTwmhJzrW4R3ob9tvKxlAsOx2qnVo mb8tdWCHGq3/9t04LMvjt2rGbSNKM/zA==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Sun, 12 May 2024 13:21:12 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <MoCcC0qnOvK.A.Zu.IJMQmB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5688-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 12, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : atril
CVE ID : CVE-2023-52076

It was discovered that missing input sanitising in the Atril document
viewer could result in writing arbitrary files in the users home directory
if a malformed epub document is opened.

For the oldstable distribution (bullseye), this problem has been fixed
in version 1.24.0-1+deb11u1. This update also disables support for
comic book archives, mitigating CVE-2023-51698.

For the stable distribution (bookworm), this problem has been fixed in
version 1.26.0-2+deb12u3.

We recommend that you upgrade your atril packages.

For the detailed security status of atril please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/atril

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZAwWEACgkQEMKTtsN8
TjYqAw/+OF7wq08UNm4f0fbj/1xH8rFftCj/pnB1XGjkPiOPQA7cYDHUM0kRjEQt
4MDCxzQXs5gWOR20XhZUUij95xj2d29t99N9xRWdhoC49pWOfAUKRNojrt+aa/LX
SzEd2tQTWD+RuFd0ODUVJ8EYwwTH+U+NA2qVRnrXVS2PT3rUIotdXjIUPPe+LII+
UX/wx3c8AKBk8UH+2bJJnLpZ26KqzcoQR4Qx4hClx0mvDFtmbKPANBeiiJSmy3er
Y9VG7PSDqI0m+N67Sa5mOqOr9rVFNpqXJegSm/RIEvN/K3J+HKtxpkDyWIsG8tro
ZxA53WanVGLjWVU9HnE+XtwMvEQcjlg2r/vaN/oisbdFzybbBFrvoITVBQTeKnMP
GVI3IIPGRBlHYGFJpvhc25xZfVphYlqB9gVwDIlkIIPCa23fr4KilCK/k7fDTrF/
3ae91LnzyLMIxBIIDmtEbdWxKxCnizZtTpZf0Tdy1srueqdW5FdqT0fl/SZqtWhJ
2g/uAROk4lOvs8H609it8UCK4X9PPZwYci7gzKHBpzQ5vuI+oAjL9EN41R4sahq6
Wl0Z7n5gFcsfpfKSkdFosLMylsfQ3h2Wfdw/obiXr9VYjIUQHBdQ6zUgOnwdhNp8
hvwY2WNDWrpwg2mu0cp8zRcCFLeHtfYcza9VWtiJcEa+6WAAemQ=
=6TWQ
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5688-1] atril security update, Moritz Muehlenhoff, 12.05.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.