-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 08 Oct 2018 00:17:39 -0400 Source: evince Binary: evince evince-common libevdocument3-4 libevview3-3 libevince-dev gir1.2-evince-3.0 Architecture: source Version: 3.30.1-1 Distribution: unstable Urgency: medium Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Jeremy Bicha <jbicha@debian.org> Description: evince - Document (PostScript, PDF) viewer evince-common - Document (PostScript, PDF) viewer - common files gir1.2-evince-3.0 - GObject introspection data for the evince libraries libevdocument3-4 - Document (PostScript, PDF) rendering library libevince-dev - Document (PostScript, PDF) rendering library - development files libevview3-3 - Document (PostScript, PDF) rendering library - Gtk+ widgets Closes: 909849 Launchpad-Bugs-Fixed: 1788929 1794848 Changes: evince (3.30.1-1) unstable; urgency=medium . [ Jeremy Bicha ] * New upstream release . [ Jamie Strandboge ] * debian/apparmor-profile.abstraction, apparmor-profile: harden the profile - add preamble for expectations of the profile - evince{-previewer}: restrict access to DBus system bus (we allow full access to session, translation and accessibility buses for compatibility) + allow Get* to anything polkit allows + allow talking to avahi (for printing) + allow talking to colord (for printing) - make the thumbnailer more restrictive (LP: #1794848) (Closes: #909849) + remove evince abstraction and use only what is needed from it + limit access to DBus session bus + generally disallow writes + allow reads for non-hidden files - disallow access to the dirs of private files (LP: #1788929) * debian/apparmor-profile: allow /bin/env ixr Checksums-Sha1: 030cfb5269593a1b5d173fcfcfa3d3424173a243 3069 evince_3.30.1-1.dsc 68f19b40fabc7929e71b6b50460ddd06bb6ce821 2270352 evince_3.30.1.orig.tar.xz a36a870f534e31edea6e219e6b6d5faa5d61550a 29576 evince_3.30.1-1.debian.tar.xz c6be41ee5b74dac008dbc65da0d4ce541b9f9a7a 20562 evince_3.30.1-1_source.buildinfo Checksums-Sha256: f4165fb5897f09500590dc3f6cf0cb407a13e230407060cb149b3a61d67b6737 3069 evince_3.30.1-1.dsc abc5516848e743bd79645e9693250974ffd5235617dd746c83b67c4c671ac0b7 2270352 evince_3.30.1.orig.tar.xz 69b8fd0de19aa3402a0fb67044ca25eec6620d5170ed599df13f258ff70a43b2 29576 evince_3.30.1-1.debian.tar.xz c37a69c2e4dcde9b9eb9eed1d0c7c353cd8ed156722eed2a981c7b3df578ae5f 20562 evince_3.30.1-1_source.buildinfo Files: 0bdea977b6d5dfe0c8763872ffc38377 3069 gnome optional evince_3.30.1-1.dsc 5977e03a7b238aeddae8e07586bd2c77 2270352 gnome optional evince_3.30.1.orig.tar.xz d93eebe133292c423a67cd9aa23acdee 29576 gnome optional evince_3.30.1-1.debian.tar.xz f0cce06cec2a0363d341138b5ad1f3b8 20562 gnome optional evince_3.30.1-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAlu62p4ACgkQ5mx3Wuv+ bH2W2hAAvQOxKtd1dmdPLI1qZshcni7qUkTGD64UaEqyCDIUMutzpH5WgEg4ySly 4VTVzVDxwQHxGBC9vHxB5vdb8koZmt/9VwHtOe7BVFc0Lg3OnQCl3lqB2H5DBYP9 SK9SMWLSpzfAvNwICp1cHz21FXM985QhAPMzM3GEUQ9mD/6utDcw4CaE+sryU562 W1ZXJdRDh8AnugLWTblqjeFpVW3biIJNNx/01CCdnw+vi9LQKqNH46ygHEVrWflO Nf98Ma2QUbEpvLzV4Q4Hv7Dluy0ovyHbZUXX2BNf8Z4aAxHPrJBlgkeEI/n6QeEA 2tHxIxhehCwkas0EgHgGc8kYCoGef3TF/xzHx2MTv9dHFMSdfoYe6gE/TN2CGBn4 O3LJaZ0PzB3ZD9PnllqzyJ4dT46fLRr7TsmnGq79dfDLRBAf0phVwXvQKtGnqzZp ir2BJuouE57EENkH/A711dHD5MUK5AfU/dyK1I0uOQOgev/xE/EH2mZq+ItP9gp4 0qOuaduH5pKIrjBlc8QXbCOJi9fRPgggnB5KLnkOPbWtgz61r+OzTSM5qOx+/Bo6 KL5P/ZWcMQvQG8ywZwK8AeAhX7lxoZsIIvNbwb74Qd/L2MnP0HT5VkFSZjRNE8Ey LZWhz5f+4QpSIwUNTGhzLOwA7SJlkcLclbUA4Mp1POmlcS6aJd0= =pdjw -----END PGP SIGNATURE-----
