evince/NEWS-security.md

Security fixes
==============

* Evince 3.24.1

    * Remove support for tar and tar-like commands in commics backend
      (#784630). CVE-2017-1000083. (Bastien Nocera)

* Evince 3.21.92

    * Fix a crash when processing button events in EvView (#769700)
      CVE-2013-3718. (Marek Kasik)

* Evince 2.91.5

    * Fix several security issues in dvi backend.
      CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643.
      (José Aliste)

* Evince 0.7.0

    * Buffer overflow in PS backend (#380191).
      CVE-2006-5864. (Carlos Garcia Campos)
NEWS: Add CVE numbers close their release notes Some bug fixes did not happen to have a CVE number in the NEWS file. Added also NEWS-security.md to aggregate the security fixes in Evince across branches. For example, CVE-2017-1000083 affected only until version 3.24, which was already branched. Therefore, it does not appear in the NEWS file from master. Sometimes, people want to have a quick look if CVE are fixed in a product. By adding this file, we hope we can cope with that need. Fixes #864 2018-08-01 20:03:51 +00:00			`Security fixes`
			`==============`

			`* Evince 3.24.1`

			`* Remove support for tar and tar-like commands in commics backend`
			`(#784630). CVE-2017-1000083. (Bastien Nocera)`

			`* Evince 3.21.92`

			`* Fix a crash when processing button events in EvView (#769700)`
			`CVE-2013-3718. (Marek Kasik)`

			`* Evince 2.91.5`

			`* Fix several security issues in dvi backend.`
			`CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643.`
			`(José Aliste)`

			`* Evince 0.7.0`

			`* Buffer overflow in PS backend (#380191).`
			`CVE-2006-5864. (Carlos Garcia Campos)`