*** This bug is a security vulnerability *** Public security bug reported:
[ Impact ] This is a security issue that allows a remote, unauthenticated attacker to obtain private information regarding the current process, and possibly remotely execute code. [ Test Case ] With this being the case of an eval() gone rouge, since the eval() has been now removed that's enough of a test case to assure the bug is fixed. [ Regression Potential ] limnoria contains a very comprehensive test suite, including for the Math plugin, so the regression potential is minimal. ** Affects: limnoria (Ubuntu) Importance: Medium Assignee: Mattia Rizzolo (mapreri) Status: Fix Released ** Affects: limnoria (Ubuntu Bionic) Importance: Medium Assignee: Mattia Rizzolo (mapreri) Status: New ** Also affects: limnoria (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: limnoria (Ubuntu Bionic) Assignee: (unassigned) => Mattia Rizzolo (mapreri) ** Changed in: limnoria (Ubuntu Bionic) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1852859 Title: CVE-2019-19010 - Eval injection in the Math plugin To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/limnoria/+bug/1852859/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs