DEBIAN-CVE-2017-1000083

backend/comics/comics-document.c aka the comic book backend in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a...

Updated atril packages fix security vulnerability

It was discovered that Atril made insecure use of tar when opening tar comic book archives CBT. Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely CVE-2017-1000083...