diff --git a/NEWS b/NEWS index e53ef988..31a5ca6f 100644 --- a/NEWS +++ b/NEWS @@ -380,11 +380,14 @@ Bug fixes: * Fix several memory leaks (#770070 and #770069, Eric R. Schulz) * Fix scaling calculation in PostScript backend (#755776, Jason Crain) - * Fix a crash when processing button events in EvView (#769700, - Marek Kasik) * Fix a crash when opening a copy of a document with annotation popup windows (#760299, Jose Aliste) +Security Fixes: + + * Fix a crash when processing button events in EvView (#769700) + CVE-2013-3718. (Marek Kasik) + Translation updates: * David Medina (ca) @@ -2975,11 +2978,14 @@ New Features and UI Improvements: Bug fixes: * Fix return value in g_return_val_if_fail() macro (Daniel Garcia) - * Fix several security issues in dvi backend: CVE-2010-2640, - CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643 (José Aliste) * Do not use deprecated API: GdkCursor, GtkStyle, size-request (Carlos Garcia Campos) +Security Fixes: + + * Fix several security issues in dvi backend: CVE-2010-2640, + CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643 (José Aliste) + Translation updates: * Khaled Hosny (ar) @@ -5214,7 +5220,7 @@ Bug Fixes: Security Fixes: - * Buffer overflow in PS backend. CVE-2006-5864. (Carlos Garcia Campos) + * Buffer overflow in PS backend (#380191). CVE-2006-5864. (Carlos Garcia Campos) Translations: diff --git a/NEWS-security.md b/NEWS-security.md new file mode 100644 index 00000000..8725cc13 --- /dev/null +++ b/NEWS-security.md 
@@ -0,0 +1,23 @@ +Security fixes +============== + +* Evince 3.24.1 + + * Remove support for tar and tar-like commands in commics backend + (#784630). CVE-2017-1000083. (Bastien Nocera) + +* Evince 3.21.92 + + * Fix a crash when processing button events in EvView (#769700) + CVE-2013-3718. (Marek Kasik) + +* Evince 2.91.5 + + * Fix several security issues in dvi backend. + CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643. + (José Aliste) + +* Evince 0.7.0 + + * Buffer overflow in PS backend (#380191). + CVE-2006-5864. (Carlos Garcia Campos)
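Review bot: In the NEWS hunk at @@ -380, the moved entry is missing a period between the bug reference and the CVE id: it reads "(#769700)" and then "CVE-2013-3718." on the continuation line. The entry reworded in the @@ -5214 hunk uses "(#380191). CVE-2006-5864.", so "(#769700)." would keep the two consistent and keep the reference and the CVE from running together when the lines are reflowed.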
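Review bot: The new "Security Fixes:" heading in the NEWS hunks at @@ -380 and @@ -2975 does not match the capitalization of the headings around it, which are "Bug fixes:" and "Translation updates:". Only the older block at @@ -5214 uses the capitalized "Bug Fixes:" / "Security Fixes:" form. Using "Security fixes:" in the two newer blocks would follow the local convention, and would make it possible to find every such section with one search string if the older block is normalized as well.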
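Review bot: In NEWS-security.md, the Evince 3.24.1 entry spells the backend "commics"; it should be "comics". The same entry says what was removed ("support for tar and tar-like commands") but not what the issue was, while every other entry in the file names the defect (crash, buffer overflow, security issues in dvi backend), so a short clause stating the problem being fixed would help readers who only consult this file. The 3.21.92 entry also repeats the missing period after "(#769700)" from the NEWS hunk. Because each entry now lives in both NEWS and NEWS-security.md, a line at the top of the new file saying which one is authoritative would help prevent the two from drifting apart.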