I'm a bit confused here. As I understand it this upload uses the build
option --enable-ps something that was disabled by upstream due to an
unknown (the ghostscript bug is still private) security issue with
postscript files. Is this security issue really fixed in Ubuntu 18.04?
If so please provide some evidence. Thanks!
** Changed in: evince (Ubuntu Bionic)
Status: Triaged => Incomplete
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1790609
Title:
Update evince to 3.28.4
Status in evince package in Ubuntu:
Fix Released
Status in evince source package in Bionic:
Incomplete
Bug description:
[Impact]
New release in the stable 3.28 series.
https://gitlab.gnome.org/GNOME/evince/commits/gnome-3-28
https://gitlab.gnome.org/GNOME/evince/blob/gnome-3-28/NEWS
[Test Case]
1. Install new evince version
2. try opening multiple pdf and ps files, ensure no obvious regression is
visible.
[Regression Potential]
The visible regression potential is the enable-ps (see comment below),
otherwise, the new evince upstream release has been released a while ago with
no post-release fixes: https://gitlab.gnome.org/GNOME/evince/commits/gnome-3-28
[Other Info]
Please add --enable-ps to the build options since this version disables
viewing Postscript files as a workaround for security issues in Ghostscript. We
should fix Ghostscript instead.
See https://gitlab.gnome.org/GNOME/evince/issues/967
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1790609/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
