Document viewer
Backport upstream commit 8b111d67ac93 to fix CVE-2026-46529.
The patch adds g_shell_quote() sanitization to all
user-controlled inputs (page-label, named-dest, find string)
in ev_spawn() in shell/ev-application.c, preventing potential
command injection via crafted arguments.
CVE: CVE-2026-46529
Upstream patches:
-
|
||
|---|---|---|
| .gitignore | ||
| evince-40.1-covscan.patch | ||
| evince-40.4-quit-shortcut.patch | ||
| evince-40.5-CVE-2026-46529.patch | ||
| evince-40.5-launch-event.patch | ||
| evince-40.5-launch-pdfs.patch | ||
| evince.spec | ||
| gating.yaml | ||
| sources | ||