This bug was fixed in the package limnoria - 2018.01.25-1ubuntu18.04.1
---
limnoria (2018.01.25-1ubuntu18.04.1) bionic; urgency=medium
* Add patch from upstream to fix remote information disclosure and
possibly remote code execution in the Math plugin.
LP: #1852859;
I got around to id and verified that the version currently in proposed
(2018.01.25-1ubuntu18.04.1) works as expected, and the Math plugin
indeed keeps behaving as I expect it to.
** Tags removed: verification-needed verification-needed-bionic
** Tags added: verification-done
Hello Mattia, or anyone else affected,
Accepted limnoria into bionic-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/limnoria/2018.01.25-1ubuntu18.04.1
in a few hours, and then in the -proposed repository.
Please help us by testing this new package.
However note that I already uploaded the fix to bionic-proposed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1852859
Title:
CVE-2019-19010 - Eval injection in the Math plugin
To manage
And as a data note, the Debian Security team considers this bug minor
and not worthy of going through Debian's -security archive.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1852859
Title:
Since this is a security issue, maybe the security team would be
interested in it? Assigning the security team for feedback. Even though
this is an universe package, getting it into -security might still be a
thing worth considering.
--
You received this bug notification because you are a member
** Changed in: limnoria (Ubuntu Bionic)
Status: New => In Progress
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19010
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1852859
