-------------------------------------------------------------------------
Debian LTS Advisory DLA-3828-1                [email protected]
https://www.debian.org/lts/security/                Santiago Ruano Rincón
June 14, 2024                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : atril
Version        : 1.20.3-1+deb10u2
CVE ID         : CVE-2023-52076
Debian Bug     : 1061522

A vulnerability was discovered in Atril, a simple document viewer
designed for the MATE desktop environment.

CVE-2023-52076

    Missing input sanitisation could result in arbitrary files being
    written when a malformed epub document is opened, which could in
    turn result in arbitrary code execution.

For Debian 10 buster, these problems have been fixed in version
1.20.3-1+deb10u2. This update also disables support for comic book
archives, mitigating CVE-2023-51698.

We recommend that you upgrade your atril packages.

For the detailed security status of atril please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/atril

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS