It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the users home directory if a malformed epub document is opened.
https://security-tracker.debian.org/tracker/DSA-5688-1
Continue reading...
https://security-tracker.debian.org/tracker/DSA-5688-1
Continue reading...