This bug was fixed in the package evince - 3.18.2-1ubuntu4.5

---------------
evince (3.18.2-1ubuntu4.5) xenial-security; urgency=medium

  * apparmor-profile: apply hardening from Ubuntu 18.10
    - add preamble for expectations of the profile
    - evince{-previewer}: restrict access to DBus system bus (we allow full
      access to session, translation and accessibility buses for compatibility)
      + allow Get* to anything polkit allows
      + allow talking to avahi (for printing)
      + allow talking to colord (for printing)
    - make the thumbnailer more restrictive (LP: #1794848) (Closes: #909849)
      + remove evince abstraction and use only what is needed from it
      + limit access to DBus session bus
      + generally disallow writes
      + allow reads for non-hidden files
  * debian/apparmor-profile.abstraction: apply hardening from Ubuntu 18.10
    - disallow access to the dirs of private files (LP: #1788929)
  * debian/apparmor-profile: allow /bin/env ixr

 -- Jamie Strandboge <ja...@ubuntu.com>  Tue, 18 Jun 2019 19:28:02 +0000

** Changed in: evince (Ubuntu Xenial)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1788929

Title:
  Debian/Ubuntu AppArmor policy gaps in evince

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1788929/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

Reply via email to