"I have just released 2.0.47. It fixes an issue that could allow a specially crafted .apkg file to write files outside the media folder during import. AnkiWeb shared decks were not affected, but upgrading is strongly recommended if you import .apkg files from third party sources. A big thanks to David Bailey for discovering this issue." [1] References: https://anki.tenderapp.com/discussions/announcements/122-security-issue-in-apkg-imports-from-third-party-sources-on-anki-2047
Created anki tracking bugs for this issue: Affects: fedora-all [bug 1529541]
Planning to resolve this by packaging 2.0.50 shortly.
anki-2.0.50-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
anki-2.0.50-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
anki-2.0.50-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
I believe this can be closed now given that 2.0.50 has been packaged.
Yes, feel free to close it. Thanks.