Meh, can't link this bug report to a CVE report as Launchpad claims that "CVE-2018-10895 is not a valid CVE number". But it obviously is.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10895 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1781295 Title: CVE-2018-10895: Possible remote code execution via CSRF in qute://settings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qutebrowser/+bug/1781295/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs