This bug was fixed in the package evince - 3.28.4-0ubuntu1.2
---------------
evince (3.28.4-0ubuntu1.2) bionic-security; urgency=medium
* apparmor-profile: apply hardening from Ubuntu 18.10
- add preamble for expectations of the profile
- evince{-previewer}: restrict access to DBus system bus (we allow full
access to session, translation and accessibility buses for compatibility)
+ allow Get* to anything polkit allows
+ allow talking to avahi (for printing)
+ allow talking to colord (for printing)
- make the thumbnailer more restrictive (LP: #1794848) (Closes: #909849)
+ remove evince abstraction and use only what is needed from it
+ limit access to DBus session bus
+ generally disallow writes
+ allow reads for non-hidden files
* debian/apparmor-profile.abstraction: apply hardening from Ubuntu 18.10
- disallow access to the dirs of private files (LP: #1788929)
* debian/apparmor-profile: allow /bin/env ixr
-- Jamie Strandboge <[email protected]> Tue, 18 Jun 2019 19:15:55 +0000
** Changed in: evince (Ubuntu Bionic)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1788929
Title:
Debian/Ubuntu AppArmor policy gaps in evince
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1788929/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
