UbuntuUpdates.org

Package "evince"

Name: evince

Description:

Document (PostScript, PDF) viewer

Latest version: 3.18.2-1ubuntu4.6
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: https://wiki.gnome.org/Apps/Evince

Links


Download "evince"


Other versions of "evince" in Xenial

Repository Area Version
base universe 3.18.2-1ubuntu4
base main 3.18.2-1ubuntu4
security universe 3.18.2-1ubuntu4.6
security main 3.18.2-1ubuntu4.6
updates universe 3.18.2-1ubuntu4.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.18.2-1ubuntu4.6 2019-07-22 18:06:16 UTC

  evince (3.18.2-1ubuntu4.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-1010006-*.patch: remove unused configure
      check for cairo_format_stride_for_width and fix overflow checks
      in backend/tiff/tiff-document.c.
    - CVE-2019-1010006

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 17 Jul 2019 09:48:28 -0300

Source diff to previous version
CVE-2019-1010006 Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attac

Version: 3.18.2-1ubuntu4.5 2019-06-19 21:06:22 UTC

  evince (3.18.2-1ubuntu4.5) xenial-security; urgency=medium

  * apparmor-profile: apply hardening from Ubuntu 18.10
    - add preamble for expectations of the profile
    - evince{-previewer}: restrict access to DBus system bus (we allow full
      access to session, translation and accessibility buses for compatibility)
      + allow Get* to anything polkit allows
      + allow talking to avahi (for printing)
      + allow talking to colord (for printing)
    - make the thumbnailer more restrictive (LP: #1794848) (Closes: #909849)
      + remove evince abstraction and use only what is needed from it
      + limit access to DBus session bus
      + generally disallow writes
      + allow reads for non-hidden files
  * debian/apparmor-profile.abstraction: apply hardening from Ubuntu 18.10
    - disallow access to the dirs of private files (LP: #1788929)
  * debian/apparmor-profile: allow /bin/env ixr

 -- Jamie Strandboge <email address hidden> Tue, 18 Jun 2019 19:28:02 +0000

Source diff to previous version
1794848 private-files-strict and user-files abstractions should also limit access to directories
909849 evince: apparmor profile hardening - Debian Bug report logs

Version: 3.18.2-1ubuntu4.4 2019-04-29 15:07:18 UTC

  evince (3.18.2-1ubuntu4.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Uninitialized memory use
    - debian/patches/CVE-2019-11459.patch: handle failure
      from TIFFREADGBAImageOriented, returning NULL instead
      of displaying uninitialized memory in backend/tiff/tiff-document.c.
    - CVE-2019-11459

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 25 Apr 2019 12:31:44 -0300

Source diff to previous version
CVE-2019-11459 The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle err

Version: 3.18.2-1ubuntu4.3 2017-12-04 18:06:44 UTC

  evince (3.18.2-1ubuntu4.3) xenial-security; urgency=medium

  * SECURITY UPDATE: command injection in dvi backend
    - debian/patches/CVE-2017-1000159.patch: properly quote filename in
      backend/dvi/dvi-document.c.
    - CVE-2017-1000159

 -- Marc Deslauriers <email address hidden> Thu, 30 Nov 2017 14:10:45 -0500

Source diff to previous version

Version: 3.18.2-1ubuntu4.2 2017-11-02 18:06:34 UTC

  evince (3.18.2-1ubuntu4.2) xenial; urgency=medium

  * debian/patches/git_mimetype_typo.patch:
    - remove trailing ";" which leads to non working mailcap, regression
      introduced in the previous upload (lp: #1716357)

 -- Sebastien Bacher <email address hidden> Fri, 29 Sep 2017 15:17:37 -0400

1716357 a typo in evince-previewer.desktop breaks /etc/mailcap



About   -   Send Feedback to @ubuntu_updates