mirror of
https://gitlab.gnome.org/GNOME/evince
synced 2024-06-30 22:54:23 +00:00
Some bug fixes did not happen to have a CVE number in the NEWS file. Added also NEWS-security.md to aggregate the security fixes in Evince across branches. For example, CVE-2017-1000083 affected only until version 3.24, which was already branched. Therefore, it does not appear in the NEWS file from master. Sometimes, people want to have a quick look if CVE are fixed in a product. By adding this file, we hope we can cope with that need. Fixes #864
558 B
558 B
Security fixes
-
Evince 3.24.1
- Remove support for tar and tar-like commands in commics backend (#784630). CVE-2017-1000083. (Bastien Nocera)
-
Evince 3.21.92
- Fix a crash when processing button events in EvView (#769700) CVE-2013-3718. (Marek Kasik)
-
Evince 2.91.5
- Fix several security issues in dvi backend. CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643. (José Aliste)
-
Evince 0.7.0
- Buffer overflow in PS backend (#380191). CVE-2006-5864. (Carlos Garcia Campos)