** No longer affects: atril (Ubuntu Zesty) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1735418
Title: [CVE] Command injection with cbt files Status in atril package in Ubuntu: Fix Released Status in atril source package in Xenial: Confirmed Status in atril source package in Artful: Fix Released Status in atril source package in Bionic: Fix Released Bug description: backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/atril/+bug/1735418/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : [email protected] Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
