CVE-2019-19010

Priority
Description
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and
Supybot (through 2018-05-09) allows remote unprivileged attackers to
disclose information or possibly have unspecified other impact via the calc
and icalc IRC commands.
Mitigation
Unload the Math plugin (command: @unload Math)
Disable these commands for all users (commands: @defaultcapability add
-Math.calc @defaultcapability add -Math.icalc @defaultcapability add
-Math.rpn)
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.04 (Disco Dingo):ignored (reached end-of-life)
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 (Focal Fossa):not-affected (2019.11.09-2)
Patches:
Upstream:https://github.com/ProgVal/Limnoria/commit/3848ae78de45b35c029cc333963d436b9d2f0a35
More Information

Updated: 2020-01-23 20:49:38 UTC (commit b4629892d998f2ede31f59bb7508dc50a92ac664)