Candidate: CVE-2018-6790
PublicDate: 2018-02-07 02:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6790
 https://phabricator.kde.org/D10188
 https://www.kde.org/announcements/plasma-5.11.5-5.12.0-changelog.php
Description:
 An issue was discovered in KDE Plasma Workspace before 5.12.0.
 dataengines/notifications/notificationsengine.cpp allows remote attackers
 to discover client IP addresses via a URL in a notification, as
 demonstrated by the src attribute of an IMG element.
Ubuntu-Description:
Notes:
 seth-arnold> Changes run-time behaviour of notifications in a way that is
  likely to cause regression bugs.
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/plasma-workspace/+bug/1748247
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]


Patches_kde-workspace:
upstream_kde-workspace: needs-triage
precise/esm_kde-workspace: DNE
trusty_kde-workspace: ignored (too intrusive)
trusty/esm_kde-workspace: DNE (trusty was ignored [too intrusive])
xenial_kde-workspace: DNE
artful_kde-workspace: DNE
devel_kde-workspace: DNE

Patches_plasma-workspace:
 upstream: https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c
 upstream: https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938
upstream_plasma-workspace: needs-triage
precise/esm_plasma-workspace: DNE
trusty_plasma-workspace: DNE
trusty/esm_plasma-workspace: DNE
xenial_plasma-workspace: ignored (too intrusive)
artful_plasma-workspace: ignored (too intrusive)
devel_plasma-workspace: not-affected (4:5.12.1-0ubuntu1)