In the meantime I have put the 1.10.14-0ubuntu2 package into an apt repository at http://david.woodhou.se/cve-2018-1000135/ for users who need it. I couldn't work out how to copy it into a PPA without rebuilding it.
In the short term can someone please at least confirm that no new update will be shipped for Bionic which *doesn't* fix this, so that I don't have to play games with keeping a package in that repository "newer" than the latest in bionic-updates?
Any word on when this CVE will be fixed?
In the meantime I have put the 1.10.14-0ubuntu2 package into an apt repository at http:// david.woodhou. se/cve- 2018-1000135/ for users who need it. I couldn't work out how to copy it into a PPA without rebuilding it.
In the short term can someone please at least confirm that no new update will be shipped for Bionic which *doesn't* fix this, so that I don't have to play games with keeping a package in that repository "newer" than the latest in bionic-updates?