Package: atril | Debian Sources

Package: atril / 1.20.3-1+deb10u1

Metadata

Package	Version	Patches format
atril	1.20.3-1+deb10u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
0001_prevent_no_doc_segfault.patch \| (download)	shell/ev-window.c \| 63 32 + 31 - 0 ! 1 file changed, 32 insertions(+), 31 deletions(-)	[patch] prevent segfaults when no document loaded See the issue report for a description of the bug. The root cause is dereferencing of NULL pointers, specifically the priv->document member of EvWindow structures when no document is loaded. This commit adds checks for a NULL value of priv->document at all the points in the file shell/ev-window.c where this pointer was previously dereferenced without being checked. Fixes 357 (https://github.com/mate-desktop/atril/issues/357)
0002_CVE 2019 1010006.patch \| (download)	backend/tiff/tiff-document.c \| 17 10 + 7 - 0 ! 1 file changed, 10 insertions(+), 7 deletions(-)	---
CVE 2019 11459.patch \| (download)	backend/tiff/tiff-document.c \| 26 17 + 9 - 0 ! 1 file changed, 17 insertions(+), 9 deletions(-)	[patch] tiff: handle failure from tiffreadrgbaimageoriented The TIFFReadRGBAImageOriented function returns zero if it was unable to read the image. Return NULL in this case instead of displaying uninitialized memory. This addresses CVE-2019-11459 upstream commit: https://gitlab.gnome.org/GNOME/evince/commit/234f034a4

Patch

File delta

Description

0001_prevent_no_doc_segfault.patch | (download)

shell/ev-window.c | 63 32 + 31 - 0 !
1 file changed, 32 insertions(+), 31 deletions(-)

 [patch] prevent segfaults when no document loaded

See the issue report for a description of the bug. The root cause is
dereferencing of NULL pointers, specifically the priv->document member of
EvWindow structures when no document is loaded. This commit adds checks
for a NULL value of priv->document at all the points in the file
shell/ev-window.c where this pointer was previously dereferenced without
being checked.

Fixes 357 (https://github.com/mate-desktop/atril/issues/357)

0002_CVE 2019 1010006.patch | (download)

backend/tiff/tiff-document.c | 17 10 + 7 - 0 !
1 file changed, 10 insertions(+), 7 deletions(-)

---

CVE 2019 11459.patch | (download)

backend/tiff/tiff-document.c | 26 17 + 9 - 0 !
1 file changed, 17 insertions(+), 9 deletions(-)

 [patch] tiff: handle failure from tiffreadrgbaimageoriented

The TIFFReadRGBAImageOriented function returns zero if it was unable to
read the image. Return NULL in this case instead of displaying
uninitialized memory.

This addresses CVE-2019-11459

upstream commit:
https://gitlab.gnome.org/GNOME/evince/commit/234f034a4