evince (3.18.2-1ubuntu4.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-1010006-*.patch: remove unused configure
      check for cairo_format_stride_for_width and fix overflow checks in
      backend/tiff/tiff-document.c.
    - CVE-2019-1010006

 -- Leonidas S. Barbosa  Wed, 17 Jul 2019 09:48:28 -0300

evince (3.18.2-1ubuntu4.5) xenial-security; urgency=medium

  * apparmor-profile: apply hardening from Ubuntu 18.10
    - add preamble for expectations of the profile
    - evince{-previewer}: restrict access to DBus system bus (we allow full
      access to session, translation and accessibility buses for
      compatibility)
      + allow Get* to anything polkit allows
      + allow talking to avahi (for printing)
      + allow talking to colord (for printing)
    - make the thumbnailer more restrictive (LP: #1794848) (Closes: #909849)
      + remove evince abstraction and use only what is needed from it
      + limit access to DBus session bus
      + generally disallow writes
      + allow reads for non-hidden files
  * debian/apparmor-profile.abstraction: apply hardening from Ubuntu 18.10
    - disallow access to the dirs of private files (LP: #1788929)
  * debian/apparmor-profile: allow /bin/env ixr

 -- Jamie Strandboge  Tue, 18 Jun 2019 19:28:02 +0000

evince (3.18.2-1ubuntu4.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Uninitialized memory use
    - debian/patches/CVE-2019-11459.patch: handle failure from
      TIFFREADGBAImageOriented, returning NULL instead of displaying
      uninitialized memory in backend/tiff/tiff-document.c.
    - CVE-2019-11459

 -- Leonidas S. Barbosa  Thu, 25 Apr 2019 12:31:44 -0300

evince (3.18.2-1ubuntu4.3) xenial-security; urgency=medium

  * SECURITY UPDATE: command injection in dvi backend
    - debian/patches/CVE-2017-1000159.patch: properly quote filename in
      backend/dvi/dvi-document.c.
    - CVE-2017-1000159

 -- Marc Deslauriers  Thu, 30 Nov 2017 14:10:45 -0500

evince (3.18.2-1ubuntu4.2) xenial; urgency=medium

  * debian/patches/git_mimetype_typo.patch:
    - remove trailing ";" which leads to non working mailcap, regression
      introduced in the previous upload (lp: #1716357)

 -- Sebastien Bacher  Fri, 29 Sep 2017 15:17:37 -0400

evince (3.18.2-1ubuntu4.1) xenial-security; urgency=medium

  * SECURITY UPDATE: command injection via cbt files
    - debian/patches/CVE-2017-1000083.patch: disable cbt support entirely
      as not widely used.
    - CVE-2017-1000083

 -- Steve Beattie  Tue, 11 Jul 2017 22:53:52 -0700

evince (3.18.2-1ubuntu4) xenial; urgency=medium

  * debian/control:
    - Set breaks/replaces for .desktop file moves
  * debian/evince.install:
  * debian/evince-common.install:
    - Move .desktop files from -common to the main binary (LP: #1553156)
    - Remove reference to obsolete evince-gtk.desktop

 -- Robert Ancell  Tue, 08 Mar 2016 21:40:27 +1300

evince (3.18.2-1ubuntu3) xenial; urgency=medium

  * Rebuild with the new poppler soname

 -- Sebastien Bacher  Fri, 26 Feb 2016 19:52:08 +0100

evince (3.18.2-1ubuntu2) xenial; urgency=medium

  * Multiarchify the library packages. LP: #1508590.
  * libevdocument3-4: Breaks: evince-hwp (<< 0.1.1-2ubuntu1).

 -- Matthias Klose  Wed, 24 Feb 2016 16:30:05 +0100

evince (3.18.2-1ubuntu1) xenial; urgency=medium

  * Resynchronize on Debian including fixed PIE build (lp: #1496548),
    remaining changes
  * debian/apparmor-profile:
  * debian/apparmor-profile.abstraction:
  * debian/evince.apport:
  * debian/evince-common.dirs:
    - Ubuntu apparmor profile
  * debian/control:
    - Build-Depend on dh-apparmor and libgrip-dev
    - don't depend on gnome-icon-theme-symbolic it's deprecated and
      replaced by the adwaita theme (lp: #1510819)
    - Suggests on apparmor
  * debian/patches/git_sidebar_label.patch:
    - show the page label instead of page number (lp: #1506967)
  * debian/patches/traditional_menu_bar.patch:
    - use traditional menubars under Unity, updated to show the buttons in
      the window as well as upstream does (less change and clean warnings
      displayed on start before)
  * debian/patches/unity_normal_titlebar.patch:
    - use traditional titlebar out of gnome-shell
  * debian/rules:
    - install apparmor and apport files, update translations template

 -- Sebastien Bacher  Thu, 12 Nov 2015 19:05:03 +0100

# For older changelog entries, run 'apt-get changelog evince-common'