CVE-2018-11396 epiphany crash fix
Bug #1773028 reported by Jeremy Bícha
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Epiphany Browser | Fix Released | Critical | |
epiphany-browser (Debian) | Fix Released | Unknown | |
epiphany-browser (Ubuntu) | Fix Released | High | Jeremy Bícha |
Bionic | Fix Released | High | Unassigned |
Bug Description
Impact
------
The bug is a security issue
https:/
https:/
https:/
Test case
----------
Try opening https:/
Regression Potential
-------
Minimal fix cherry-pick upstream to gnome-3-28 and gnome-3-26 branches (corresponds with Ubuntu 17.10 and 18.04 LTS)
Testing Done
------------
Visiting the proof of concept link from the GNOME bug still crashes epiphany.
CVE References
description: updated
Changed in epiphany-browser (Ubuntu):
status: Fix Released → Triaged
Changed in epiphany-browser (Debian):
status: Unknown → Fix Released
Changed in epiphany-browser:
importance: Unknown → Critical
status: Unknown → Fix Released
Changed in epiphany-browser (Ubuntu Bionic):
assignee: nobody → Jeremy Bicha (jbicha)
Changed in epiphany-browser (Ubuntu):
assignee: nobody → Jeremy Bicha (jbicha)
Changed in epiphany-browser (Ubuntu Artful):
assignee: nobody → Jeremy Bicha (jbicha)
Changed in epiphany-browser:
status: Fix Released → Confirmed
Changed in epiphany-browser:
status: Confirmed → Fix Released
no longer affects: epiphany-browser (Ubuntu Artful)
Changed in epiphany-browser (Ubuntu Bionic):
assignee: Jeremy Bicha (jbicha) → nobody
status: New → Fix Committed
description: updated
Changed in epiphany-browser (Ubuntu):
importance: Undecided → High
Changed in epiphany-browser (Ubuntu Bionic):
importance: Undecided → High
information type: Public → Public Security
This bug was fixed in the package epiphany-browser - 3.28.2.1-1ubuntu1
---------------
epiphany-browser (3.28.2.1-1ubuntu1) cosmic; urgency=medium
* Sync with Debian (LP: #1773028). Remaining change:
- Modify 07_bookmarks.patch:
+ Add Ubuntu-specific default bookmarks, borrowed from Firefox
epiphany-browser (3.28.2.1-1) unstable; urgency=medium
* New upstream release (LP: #1773026)
* Drop disable-tests.patch: Applied in new release
* Add session-Fix-crash-when-JS-opens-an-invalid-URI.patch:
Cherry-pick patch to fix CVE-2018-11396 (Closes: #899409)
-- Jeremy Bicha <email address hidden> Wed, 23 May 2018 18:25:13 -0400