Commit db2697e9 authored by Germán Poo-Caamaño's avatar Germán Poo-Caamaño

NEWS: Add CVE numbers close their release notes

Some bug fixes did not happen to have a CVE number in the NEWS file.

Added also NEWS-security.md to aggregate the security fixes in Evince
across branches.  For example, CVE-2017-1000083 affected only until
version 3.24, which was already branched. Therefore, it does not
appear in the NEWS file from master. Sometimes, people want to have
a quick look if CVE are fixed in a product. By adding this file, we
hope we can cope with that need.

Fixes #864
parent 76c3920a
Pipeline #22818 passed with stage
in 13 minutes and 54 seconds
......@@ -380,11 +380,14 @@ Bug fixes:
* Fix several memory leaks (#770070 and #770069, Eric R. Schulz)
* Fix scaling calculation in PostScript backend (#755776, Jason
Crain)
* Fix a crash when processing button events in EvView (#769700,
Marek Kasik)
* Fix a crash when opening a copy of a document with annotation
popup windows (#760299, Jose Aliste)
Security Fixes:
* Fix a crash when processing button events in EvView (#769700)
CVE-2013-3718. (Marek Kasik)
Translation updates:
* David Medina (ca)
......@@ -2975,11 +2978,14 @@ New Features and UI Improvements:
Bug fixes:
* Fix return value in g_return_val_if_fail() macro (Daniel Garcia)
* Fix several security issues in dvi backend: CVE-2010-2640,
CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643 (José Aliste)
* Do not use deprecated API: GdkCursor, GtkStyle, size-request
(Carlos Garcia Campos)
Security Fixes:
* Fix several security issues in dvi backend: CVE-2010-2640,
CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643 (José Aliste)
Translation updates:
* Khaled Hosny (ar)
......@@ -5214,7 +5220,7 @@ Bug Fixes:
Security Fixes:
* Buffer overflow in PS backend. CVE-2006-5864. (Carlos Garcia Campos)
* Buffer overflow in PS backend (#380191). CVE-2006-5864. (Carlos Garcia Campos)
Translations:
......
Security fixes
==============
* Evince 3.24.1
* Remove support for tar and tar-like commands in commics backend
(#784630). CVE-2017-1000083. (Bastien Nocera)
* Evince 3.21.92
* Fix a crash when processing button events in EvView (#769700)
CVE-2013-3718. (Marek Kasik)
* Evince 2.91.5
* Fix several security issues in dvi backend.
CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643.
(José Aliste)
* Evince 0.7.0
* Buffer overflow in PS backend (#380191).
CVE-2006-5864. (Carlos Garcia Campos)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment