UbuntuUpdates.org

Package "evince"

Name: evince

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • plugin for web browsers to display documents (PostScript, PDF, …)

Latest version: 3.28.4-0ubuntu1.2
Release: bionic (18.04)
Level: updates
Repository: universe

Links



Other versions of "evince" in Bionic

Repository Area Version
base main 3.28.2-1
base universe 3.28.2-1
security universe 3.28.4-0ubuntu1.2
security main 3.28.4-0ubuntu1.2
updates main 3.28.4-0ubuntu1.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.28.4-0ubuntu1.2 2019-06-19 21:06:29 UTC

  evince (3.28.4-0ubuntu1.2) bionic-security; urgency=medium

  * apparmor-profile: apply hardening from Ubuntu 18.10
    - add preamble for expectations of the profile
    - evince{-previewer}: restrict access to DBus system bus (we allow full
      access to session, translation and accessibility buses for compatibility)
      + allow Get* to anything polkit allows
      + allow talking to avahi (for printing)
      + allow talking to colord (for printing)
    - make the thumbnailer more restrictive (LP: #1794848) (Closes: #909849)
      + remove evince abstraction and use only what is needed from it
      + limit access to DBus session bus
      + generally disallow writes
      + allow reads for non-hidden files
  * debian/apparmor-profile.abstraction: apply hardening from Ubuntu 18.10
    - disallow access to the dirs of private files (LP: #1788929)
  * debian/apparmor-profile: allow /bin/env ixr

 -- Jamie Strandboge <email address hidden> Tue, 18 Jun 2019 19:15:55 +0000

Source diff to previous version
1794848 private-files-strict and user-files abstractions should also limit access to directories
909849 evince: apparmor profile hardening - Debian Bug report logs

Version: 3.28.4-0ubuntu1.1 2019-04-29 15:07:24 UTC

  evince (3.28.4-0ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Uninitialized memory use
    - debian/patches/CVE-2019-11459.patch: handle failure
      from TIFFREADGBAImageOriented, returning NULL instead
      of displaying uninitialized memory in backend/tiff/tiff-document.c.
    - CVE-2019-11459

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 25 Apr 2019 12:30:54 -0300

Source diff to previous version
CVE-2019-11459 The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle err

Version: 3.28.4-0ubuntu1 2018-11-08 00:07:06 UTC

  evince (3.28.4-0ubuntu1) bionic; urgency=medium

  * New upstream release (LP: #1790609)
  * debian/rules:
    - add --enable-ps to keep ghostscript file visionning disabled upstream,
      (as in current bionic and cosmic)

 -- Didier Roche <email address hidden> Mon, 15 Oct 2018 11:42:54 +0200

1790609 Update evince to 3.28.4



About   -   Send Feedback to @ubuntu_updates