Bug 1157009 (CVE-2019-19010) - VUL-1: CVE-2019-19010: python-limnoria, Supybot: Eval injection in the Math plugin allows remote unprivileged attackers to disclose information
Summary: VUL-1: CVE-2019-19010: python-limnoria, Supybot: Eval injection in the Math p...
Status: RESOLVED FIXED
Alias: CVE-2019-19010
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.1
Hardware: Other Other
: P4 - Low : Minor (vote)
Target Milestone: ---
Assignee: Atri Bhattacharya
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/247460/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-18 10:44 UTC by Wolfgang Frisch
Modified: 2020-06-14 11:05 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2019-11-18 10:44:44 UTC 
CVE-2019-19010

Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot
(through 2018-05-09) allows remote unprivileged attackers to disclose
information or possibly have unspecified other impact via the calc and icalc IRC
commands.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19010
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19010.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19010
https://github.com/ProgVal/Limnoria/commit/3848ae78de45b35c029cc333963d436b9d2f0a35
https://github.com/ProgVal/Limnoria/wiki/math-eval-vulnerability
Comment 1 Lars Vogdt 2019-11-18 10:59:35 UTC 
Sorry: I'm not the official package maintainer here. Just submitted the latest version via branch -> SR #749139 

Re-assigning to the current maintainer: Atri Bhattacharya
Comment 2 OBSbugzilla Bot 2020-06-07 19:20:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1157009) was mentioned in
https://build.opensuse.org/request/show/812288 15.1 / python-limnoria
Comment 3 Atri Bhattacharya 2020-06-14 11:05:36 UTC 
Fix request accepted. Thanks for the report.