Backport upstream commit 970c219e from evince to fix
CVE-2026-46529. The patch quotes string arguments (page
labels, named destinations, and search strings) passed to
ev_spawn when spawning a new Evince instance, preventing
untrusted values from being interpreted as unintended flags.
CVE: CVE-2026-46529
Upstream patches:
- 970c219e86.patch
Resolves: RHEL-184039
This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.
Assisted-by: Ymir
