[ubuntu/bionic-updates] evince 3.28.4-0ubuntu1.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Jun 19 19:58:20 UTC 2019
evince (3.28.4-0ubuntu1.2) bionic-security; urgency=medium
* apparmor-profile: apply hardening from Ubuntu 18.10
- add preamble for expectations of the profile
- evince{-previewer}: restrict access to DBus system bus (we allow full
access to session, translation and accessibility buses for compatibility)
+ allow Get* to anything polkit allows
+ allow talking to avahi (for printing)
+ allow talking to colord (for printing)
- make the thumbnailer more restrictive (LP: #1794848) (Closes: #909849)
+ remove evince abstraction and use only what is needed from it
+ limit access to DBus session bus
+ generally disallow writes
+ allow reads for non-hidden files
* debian/apparmor-profile.abstraction: apply hardening from Ubuntu 18.10
- disallow access to the dirs of private files (LP: #1788929)
* debian/apparmor-profile: allow /bin/env ixr
Date: 2019-06-18 22:07:14.408931+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/evince/3.28.4-0ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list