*** This bug is a security vulnerability ***
Public security bug reported:
[ Impact ]
This is a security issue that allows a remote, unauthenticated attacker
to obtain private information regarding the current process, and
possibly remotely execute code.
[ Test Case ]
With this being the case of an eval() gone rouge, since the eval() has
been now removed that's enough of a test case to assure the bug is
fixed.
[ Regression Potential ]
limnoria contains a very comprehensive test suite, including for the
Math plugin, so the regression potential is minimal.
** Affects: limnoria (Ubuntu)
Importance: Medium
Assignee: Mattia Rizzolo (mapreri)
Status: Fix Released
** Affects: limnoria (Ubuntu Bionic)
Importance: Medium
Assignee: Mattia Rizzolo (mapreri)
Status: New
** Also affects: limnoria (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: limnoria (Ubuntu Bionic)
Assignee: (unassigned) => Mattia Rizzolo (mapreri)
** Changed in: limnoria (Ubuntu Bionic)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1852859
Title:
CVE-2019-19010 - Eval injection in the Math plugin
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/limnoria/+bug/1852859/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
