* It was found that evince did not properly sanitize the command line
which is run to untar Comic Book Tar (CBT) files, thereby allowing command
injection. A specially crafted CBT file, when opened by evince or evince-
thumbnailer, could execute arbitrary commands in the context of the evince
program. (CVE-2017-1000083)
--