mirror of
https://gitlab.gnome.org/GNOME/evince
synced 2024-06-30 22:54:23 +00:00
Some bug fixes did not happen to have a CVE number in the NEWS file. Added also NEWS-security.md to aggregate the security fixes in Evince across branches. For example, CVE-2017-1000083 affected only until version 3.24, which was already branched. Therefore, it does not appear in the NEWS file from master. Sometimes, people want to have a quick look if CVE are fixed in a product. By adding this file, we hope we can cope with that need. Fixes #864
24 lines
558 B
Markdown
24 lines
558 B
Markdown
Security fixes
|
|
==============
|
|
|
|
* Evince 3.24.1
|
|
|
|
* Remove support for tar and tar-like commands in commics backend
|
|
(#784630). CVE-2017-1000083. (Bastien Nocera)
|
|
|
|
* Evince 3.21.92
|
|
|
|
* Fix a crash when processing button events in EvView (#769700)
|
|
CVE-2013-3718. (Marek Kasik)
|
|
|
|
* Evince 2.91.5
|
|
|
|
* Fix several security issues in dvi backend.
|
|
CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643.
|
|
(José Aliste)
|
|
|
|
* Evince 0.7.0
|
|
|
|
* Buffer overflow in PS backend (#380191).
|
|
CVE-2006-5864. (Carlos Garcia Campos)
|