diff -Nru evince-3.10.3/debian/changelog evince-3.10.3/debian/changelog
--- evince-3.10.3/debian/changelog 2015-03-09 18:03:28.000000000 +0000
+++ evince-3.10.3/debian/changelog 2017-07-12 06:00:28.000000000 +0000
@@ -1,3 +1,12 @@
+evince (3.10.3-0ubuntu10.3) trusty-security; urgency=medium
+
+ * SECURITY UPDATE: command injection via cbt files
+ - debian/patches/CVE-2017-1000083.patch: disable cbt support
+ entirely as not widely used.
+ - CVE-2017-1000083
+
+ -- Steve Beattie Tue, 11 Jul 2017 23:00:19 -0700
+
 evince (3.10.3-0ubuntu10.2) trusty; urgency=medium
 * debian/patches/slash_to_search.patch: register "slash" as a valid
diff -Nru evince-3.10.3/debian/patches/CVE-2017-1000083.patch evince-3.10.3/debian/patches/CVE-2017-1000083.patch
--- evince-3.10.3/debian/patches/CVE-2017-1000083.patch 1970-01-01 00:00:00.000000000 +0000
+++ evince-3.10.3/debian/patches/CVE-2017-1000083.patch 2017-07-12 05:59:47.000000000 +0000
@@ -0,0 +1,93 @@
+From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
+From: Bastien Nocera
+Date: Thu, 6 Jul 2017 20:02:00 +0200
+Subject: [PATCH] comics: Remove support for tar and tar-like commands
+
+When handling tar files, or using a command with tar-compatible syntax,
+to open comic-book archives, both the archive name (the name of the
+comics file) and the filename (the name of a page within the archive)
+are quoted to not be interpreted by the shell.
+
+But the filename is completely with the attacker's control and can start
+with "--" which leads to tar interpreting it as a command line flag.
+
+This can be exploited by creating a CBT file (a tar archive with the
+.cbt suffix) with an embedded file named something like this:
+"--checkpoint-action=exec=bash -c 'touch ~/hacked;'.jpg"
+
+CBT files are infinitely rare (CBZ is usually used for DRM-free
+commercial releases, CBR for those from more dubious provenance), so
+removing support is the easiest way to avoid the bug triggering. All
+this code was rewritten in the development release for GNOME 3.26 to not
+shell out to any command, closing off this particular attack vector.
+
+This also removes the ability to use libarchive's bsdtar-compatible
+binary for CBZ (ZIP), CB7 (7zip), and CBR (RAR) formats. The first two
+are already supported by unzip and 7zip respectively. libarchive's RAR
+support is limited, so unrar is a requirement anyway.
+
+Discovered by Felix Wilhelm from the Google Security Team.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=784630
+
+[backported to evince 3.10 -- sbeattie]
+
+CVE-2017-1000083
+---
+ backend/comics/comics-document.c | 40 --------------------------------------
+ configure.ac | 2 -
+ 2 files changed, 2 insertions(+), 40 deletions(-)
+
+Index: b/backend/comics/comics-document.c
+===================================================================
+--- a/backend/comics/comics-document.c
++++ b/backend/comics/comics-document.c
+@@ -56,8 +56,7 @@ typedef enum
+ RARLABS,
+ GNAUNRAR,
+ UNZIP,
+- P7ZIP,
+- TAR
++ P7ZIP
+ } ComicBookDecompressType;
+
+ typedef struct _ComicsDocumentClass ComicsDocumentClass;
+@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand
+
+ /* 7zip */
+ {NULL , "%s l -- %s" , "%s x -y %s -o%s", FALSE, OFFSET_7Z},
+-
+- /* tar */
+- {"%s -xOf" , "%s -tf %s" , NULL , FALSE, NO_OFFSET}
+ };
+
+ static GSList* get_supported_image_extensions (void);
+@@ -422,15 +405,6 @@ comics_check_decompress_command (gchar
+ comics_document->command_usage = P7ZIP;
+ return TRUE;
+ }
+- } else if (!strcmp (mime_type, "application/x-cbt") ||
+- !strcmp (mime_type, "application/x-tar")) {
+- /* tar utility (Tape ARchive) */
+- comics_document->selected_command =
+- g_find_program_in_path ("tar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+ } else {
+ g_set_error (error,
+ EV_DOCUMENT_ERROR,
+Index: b/configure.ac
+===================================================================
+--- a/configure.ac
++++ b/configure.ac
+@@ -785,7 +785,7 @@ AC_SUBST(TIFF_MIME_TYPES)
+ EVINCE_MIME_TYPES="${EVINCE_MIME_TYPES}image/tiff;"
+ fi
+ if test "x$enable_comics" = "xyes"; then
+- EVINCE_MIME_TYPES="${EVINCE_MIME_TYPES}application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;"
++ EVINCE_MIME_TYPES="${EVINCE_MIME_TYPES}application/x-cbr;application/x-cbz;application/x-cb7;"
+ fi
+ if test "x$enable_xps" = "xyes"; then
+ EVINCE_MIME_TYPES="${EVINCE_MIME_TYPES}application/oxps;application/vnd.ms-xpsdocument;"
diff -Nru evince-3.10.3/debian/patches/series evince-3.10.3/debian/patches/series
--- evince-3.10.3/debian/patches/series 2015-03-09 18:02:21.000000000 +0000
+++ evince-3.10.3/debian/patches/series 2017-07-12 05:55:11.000000000 +0000
@@ -4,3 +4,4 @@
 0002-Don-t-use-gtk_application_set_accels_for_action.patch
 gtk310-secondary-keybindings.patch
 slash_to_search.patch
+CVE-2017-1000083.patch
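Review bot: Removing the tar branch closes the reported vector for CBT only; the remaining unrar, unzip and 7zip entries in the command table still build a command line that includes the in-archive page name, and this hunk shows only that the 7zip list command puts `--` before its argument, so each remaining format string in comics-document.c should be checked for the same separator before the backport is treated as complete. The inner header `@@ -422,15 +405,6 @@` implies 17 lines already removed on the new side while the two earlier hunks remove only 4, and the `2 files changed, 2 insertions(+), 40 deletions(-)` diffstat is the upstream figure rather than this backport's, so the patch metadata was carried over from a different base; `quilt refresh` after applying would make the headers match what is actually removed. A one-line comment such as `/* tar/cbt support removed, see CVE-2017-1000083 */` where `TAR` used to sit in ComicBookDecompressType would tell the next maintainer why `application/x-cbt` is also absent from the MIME list in configure.ac. comics_check_decompress_command starts and ends outside the hunk.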