Hi, On Fri, May 11, 2018 at 12:01:02PM -0700, Jeff Breidenbach wrote: > Believed fixed in Debian package 1.76.0-1 > > Status of various vulnerabilities, as per upstream: > > * CVE-2018-7442: potential injection attack because '/' is allowed > in gplot rootdir. > Functions using this command have been disabled by default in the > distribution, starting with 1.76.0. As for the specific issue, it > is impossible to specify a general path without using the standard > directory subdivider '/'.
Ah good, I missed your unstable upload from yesterday. Regards, Salvatore
