I'm assigning the Bionic fixes to Rik; I'm unsure if plasma-workspace is still affected, but it seems kde-runtime is in fact affected.
** Changed in: plasma-workspace (Ubuntu Bionic) Importance: Undecided => High ** Changed in: plasma-workspace (Ubuntu Bionic) Assignee: (unassigned) => Rik Mills (rikmills) ** Changed in: plasma-workspace (Ubuntu Artful) Importance: Undecided => High ** Changed in: plasma-workspace (Ubuntu Artful) Status: New => In Progress ** Changed in: plasma-workspace (Ubuntu Artful) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: plasma-workspace (Ubuntu Xenial) Importance: Undecided => High ** Changed in: plasma-workspace (Ubuntu Xenial) Status: New => In Progress ** Changed in: plasma-workspace (Ubuntu Xenial) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: plasma-workspace (Ubuntu Trusty) Importance: Undecided => High ** Changed in: plasma-workspace (Ubuntu Trusty) Status: New => In Progress ** Changed in: plasma-workspace (Ubuntu Trusty) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: kde-runtime (Ubuntu Bionic) Assignee: (unassigned) => Rik Mills (rikmills) ** Changed in: kde-runtime (Ubuntu Bionic) Importance: Undecided => High ** Changed in: kde-runtime (Ubuntu Artful) Importance: Undecided => High ** Changed in: kde-runtime (Ubuntu Artful) Status: New => In Progress ** Changed in: kde-runtime (Ubuntu Artful) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: kde-runtime (Ubuntu Xenial) Importance: Undecided => High ** Changed in: kde-runtime (Ubuntu Xenial) Status: New => In Progress ** Changed in: kde-runtime (Ubuntu Xenial) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: kde-runtime (Ubuntu Trusty) Importance: Undecided => High ** Changed in: kde-runtime (Ubuntu Trusty) Status: New => In Progress ** Changed in: kde-runtime (Ubuntu Trusty) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6790 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6791 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1748247 Title: [CVE] Arbitrary command execution in the removable device notifier To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kde-runtime/+bug/1748247/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs