Document viewer
Go to file
RHEL Packaging Agent 78fe0e1523 Fix CVE-2026-46529: command injection via crafted arguments
Backport upstream commit 8b111d67ac93 to fix CVE-2026-46529.
The patch adds g_shell_quote() sanitization to all
user-controlled inputs (page-label, named-dest, find string)
in ev_spawn() in shell/ev-application.c, preventing potential
command injection via crafted arguments.

CVE: CVE-2026-46529
Upstream patches:
 - 8b111d67ac.patch
Resolves: RHEL-184044

This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Ymir
2026-06-28 08:14:51 +00:00
.gitignore Rebase to 40.5 2022-05-23 16:51:42 +02:00
evince-40.1-covscan.patch Use tmp dir as containing folder for non-native files 2021-06-24 09:13:22 +00:00
evince-40.4-quit-shortcut.patch Remove Ctrl+q shortcut from shortcuts page 2021-11-02 10:30:26 +01:00
evince-40.5-CVE-2026-46529.patch Fix CVE-2026-46529: command injection via crafted arguments 2026-06-28 08:14:51 +00:00
evince-40.5-launch-event.patch Allow launch action to open PDFs 2025-05-20 17:14:22 +02:00
evince-40.5-launch-pdfs.patch Fix a leak 2025-05-30 10:17:30 +02:00
evince.spec Fix CVE-2026-46529: command injection via crafted arguments 2026-06-28 08:14:51 +00:00
gating.yaml enabling gating for el9 2021-06-16 13:17:50 +02:00
sources Rebase to 40.5 2022-05-23 16:51:42 +02:00