[3.6] evince: command injection via filename in tar-compressed comics archive (CVE-2017-1000083)
The comic book backend in evince 3.24.0 is vulnerable to a command
injection bug that can be used to execute arbitrary commands when a
cbt
file is opened.
Reference:
https://bugzilla.gnome.org/show\_bug.cgi?id=784630
(from redmine: issue id 7545, created on 2017-07-19, closed on 2017-08-15)
- Changesets:
- Revision e2b8e287 by Natanael Copa on 2017-08-14T15:03:20Z:
community/evince: security upgrade to 3.24.1 (CVE-2017-1000083)
fixes #7545