[ubuntu/xenial-security] evince 3.18.2-1ubuntu4.5 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Wed Jun 19 19:40:44 UTC 2019
evince (3.18.2-1ubuntu4.5) xenial-security; urgency=medium
* apparmor-profile: apply hardening from Ubuntu 18.10
- add preamble for expectations of the profile
- evince{-previewer}: restrict access to DBus system bus (we allow full
access to session, translation and accessibility buses for compatibility)
+ allow Get* to anything polkit allows
+ allow talking to avahi (for printing)
+ allow talking to colord (for printing)
- make the thumbnailer more restrictive (LP: #1794848) (Closes: #909849)
+ remove evince abstraction and use only what is needed from it
+ limit access to DBus session bus
+ generally disallow writes
+ allow reads for non-hidden files
* debian/apparmor-profile.abstraction: apply hardening from Ubuntu 18.10
- disallow access to the dirs of private files (LP: #1788929)
* debian/apparmor-profile: allow /bin/env ixr
Date: 2019-06-18 21:31:18.863440+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/+source/evince/3.18.2-1ubuntu4.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list