Simon, thank you for preparing this update. I'll sponsor it as-is, but honestly, I think evince's solution to drop support for cbt files entirely (given their infrequent use as a comic-ebook format), rather than try to blacklist all possible bad tar options, is the more appropriate action to take.
-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1735418

Title:
  [CVE] Command injection with cbt files

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/atril/+bug/1735418/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
