I have uploaded this fix to a fresh test PPA of mine with all architectures enabled and only the security repo enabled. I then tested this in a Ubuntu MATE Xenial VM, and it works as intended with the POC given on GitHub.
Security Team, feel free to copy my upload to your PPA: https://launchpad.net/~tsimonq2/+archive/ubuntu/security-test-builds/+sourcepub/8864340/+listing-archive-extra The diffs for each are on that page if you would like to do it manually. Please sponsor this to go into Ubuntu. Thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1735418 Title: [CVE] Command injection with cbt files To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/atril/+bug/1735418/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
