[Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-03-21 Thread Launchpad Bug Tracker
This bug was fixed in the package plasma-workspace - 4:5.5.5.2-0ubuntu1.1 --- plasma-workspace (4:5.5.5.2-0ubuntu1.1) xenial-security; urgency=medium * SECURITY UPDATE: Arbitrary command execution in the removable device notifier (LP: #1748247): - fix-CVE-2018-6791.patch

[Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-03-21 Thread Launchpad Bug Tracker
This bug was fixed in the package plasma-workspace - 4:5.10.5-0ubuntu1.1 --- plasma-workspace (4:5.10.5-0ubuntu1.1) artful-security; urgency=high * SECURITY UPDATE: Arbitrary command execution in the removable device notifier (LP: #1748247): - fix-CVE-2018-6791.patch -

[Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-03-16 Thread Simon Quigley
I have uploaded these fixes (for Artful and Xenial) to a fresh, empty test PPA of mine with all architectures enabled and only the security repo enabled. I then tested both in VMs of each release, and they work as intended. It also fixes the security issue. Security Team, feel free to copy my

[Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-03-16 Thread Simon Quigley
So it looks like Backports already has the fixes. ** Changed in: kubuntu-ppa/artful Status: New => Fix Released ** Changed in: kubuntu-ppa/xenial Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-03-16 Thread Simon Quigley
These fixes should be looked into for Backports too. ** Also affects: kubuntu-ppa Importance: Undecided Status: New ** Also affects: kubuntu-ppa/artful Importance: Undecided Status: New ** Also affects: kubuntu-ppa/xenial Importance: Undecided Status: New **

[Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-03-16 Thread Simon Quigley
There isn't even a plasma-workspace on Trusty... ** No longer affects: plasma-workspace (Ubuntu Trusty) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1748247 Title: [CVE] Arbitrary command

[Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-03-16 Thread Simon Quigley
I remember having a discussion with the security team and forgot to update this bug... CVE-2018-6790 isn't worth patching because it's a low priority CVE with an intrusive patch. So I consider that Won't Fix. ** Description changed: KDE Project Security Advisory

[Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-02-20 Thread Simon Quigley
Debian says kde-runtime isn't affected, and I can confirm. ** Changed in: kde-runtime (Ubuntu Trusty) Status: In Progress => Invalid ** Changed in: kde-runtime (Ubuntu Xenial) Status: In Progress => Invalid ** No longer affects: kde-runtime (Ubuntu) ** No longer affects:

[Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-02-08 Thread Rik Mills
No information in the referenced CVE to say how or if it affects kde-runtime. ** Changed in: kde-runtime (Ubuntu Bionic) Status: New => Incomplete

[Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-02-08 Thread Rik Mills
** Changed in: plasma-workspace (Ubuntu Bionic) Status: New => Fix Released

[Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-02-08 Thread Simon Quigley
I'm assigning the Bionic fixes to Rik; I'm unsure if plasma-workspace is still affected, but it seems kde-runtime is in fact affected. ** Changed in: plasma-workspace (Ubuntu Bionic) Importance: Undecided => High ** Changed in: plasma-workspace (Ubuntu Bionic) Assignee: (unassigned) =>

[Bug 1748247] Re: [CVE] Arbitrary command execution in the removable device notifier

2018-02-08 Thread Simon Quigley
CVE-2018-6790 CVE-2018-6791