Source: leptonlib Version: 1.75.3-2 Severity: grave Tags: security patch Hi,
the following vulnerability was published for leptonlib. CVE-2018-7440[0]: | An issue was discovered in Leptonica through 1.75.3. The | gplotMakeOutput function allows command injection via a $(command) | approach in the gplot rootname argument. This issue exists because of | an incomplete fix for CVE-2018-3836. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-7440 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7440 An upstream patch is available at: https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b Please adjust the affected versions in the BTS as needed.
signature.asc
Description: PGP signature
