[SECURITY] Fedora 13 Update: evince-2.30.3-2.fc13

updates at fedoraproject.org updates at fedoraproject.org
Wed Jan 12 05:23:01 UTC 2011 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0224
2011-01-07 19:29:25
--------------------------------------------------------------------------------

Name        : evince
Product     : Fedora 13
Version     : 2.30.3
Release     : 2.fc13
URL         : http://projects.gnome.org/evince/
Summary     : Document viewer
Description :
Evince is simple multi-page document viewer. It can display and print
Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript
(EPS) files. When supported by the document format, evince allows searching
for text, copying text to the clipboard, hypertext navigation,
table-of-contents bookmarks and editing of forms.

 Support for other document formats such as DVI and DJVU can be added by
installing additional backends.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  6 2011 Marek Kasik <mkasik at redhat.com> - 2.30.3-2
- Fixes CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643
- Resolves: #667573
* Fri Jun 25 2010 Marek Kasik <mkasik at redhat.com> - 2.30.3-1
- Update to 2.30.3
* Tue Jun 22 2010 Marek Kasik <mkasik at redhat.com> - 2.30.2-1
- Update to 2.30.2 (resolves #587495)
- Remove unused patches
* Tue Jun 22 2010 Marek Kasik <mkasik at redhat.com> - 2.30.1-3
- Check whether metadata is NULL before using it
- Resolves: #597777
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #666314 - CVE-2010-2641 evince: Array index errror in DVI file VF font parser
        https://bugzilla.redhat.com/show_bug.cgi?id=666314
  [ 2 ] Bug #666318 - CVE-2010-2642 evince: Heap based buffer overflow in DVI file AFM font parser
        https://bugzilla.redhat.com/show_bug.cgi?id=666318
  [ 3 ] Bug #666313 - CVE-2010-2640 evince: Array index errror in DVI file PK font parser
        https://bugzilla.redhat.com/show_bug.cgi?id=666313
  [ 4 ] Bug #666321 - CVE-2010-2643 evince: Integer overflow in DVI file TFM font parser
        https://bugzilla.redhat.com/show_bug.cgi?id=666321
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update evince' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list