CVE-2022-29536 epiphany
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
epiphany-browser (Ubuntu) | Fix Released | Undecided | Unassigned | |
Focal | Fix Released | Undecided | Unassigned | |
Jammy | Fix Released | Undecided | Unassigned | |
Bug Description
Impact
-----
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
Testing Done
------------
I completed a build and install test.
After installing, I was able to watch a video on YouTube (I needed to install gstreamer1.
I was able to use Reader Mode on a blog site.
And I was able to load https:/
I was unable to trigger a crash using a webpage with a long title set, but that doesn't mean the bug still couldn't be exploitable under the right conditions.
Sponsoring
----------
I am attaching a debdiff. Alternatively you could build from our VCS:
gbp clone https:/
git checkout ubuntu/jammy
gbp buildpackage --git-builder=
That will create the source package you can upload to your PPA.
Please upload the fix for 20.04 LTS at the same time. For simplicity, I only attached that debdiff at LP: #1955362 (which has other security fixes already fixed for 22.04 LTS).
The Ubuntu Release Team requests coordination before making any jammy-security releases this week while Ubuntu 22.04.1 LTS is prepared. However, epiphany-browser is not seeded in any Ubuntu flavor.
https:/
CVE References
no longer affects: epiphany-browser (Ubuntu Impish)
description: updated
This bug was fixed in the package epiphany-browser - 42.2-1
---------------
epiphany-browser (42.2-1) unstable; urgency=high

  * New upstream release
    - Includes fix for CVE-2022-29536 (Closes: #1009959) (LP: #1969851)

 -- Jeremy Bicha <email address hidden> Thu, 21 Apr 2022 17:01:00 -0400
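
The byte-count mistake described under Impact, as an added example: this is not Epiphany's code and not part of the bug report. It shows a title shortener that sizes its buffer from the ellipsis's UTF-8 byte length, next to the one-byte budget that falls short. The names `shorten_title`, `naive_alloc_size`, `utf8_chars` and `utf8_offset` are hypothetical, the sample titles are constructed, and only the C standard library is used.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ELLIPSIS "\xE2\x80\xA6" /* U+2026: one character, three UTF-8 bytes */

/* Count characters by skipping UTF-8 continuation bytes (10xxxxxx). */
static size_t utf8_chars(const char *s)
{
    size_t n = 0;
    for (; *s; s++)
        n += ((unsigned char)*s & 0xC0) != 0x80;
    return n;
}

/* Byte offset of character index `chars`, never past the terminating NUL. */
static size_t utf8_offset(const char *s, size_t chars)
{
    size_t i = 0;
    for (; s[i] && chars > 0; chars--)
        do i++; while (((unsigned char)s[i] & 0xC0) == 0x80);
    return i;
}

/* The miscount described in the CVE text: ellipsis budgeted as one byte. */
size_t naive_alloc_size(size_t prefix_bytes) { return prefix_bytes + 1 + 1; }

/* Shorten to at most `target` characters; caller frees. NULL on error. */
char *shorten_title(const char *title, size_t target)
{
    if (!title || target == 0) return NULL;
    int cut = utf8_chars(title) > target;
    size_t prefix = cut ? utf8_offset(title, target - 1) : strlen(title);
    const char *tail = cut ? ELLIPSIS : "";
    size_t tail_bytes = strlen(tail);            /* 3 for the ellipsis, not 1 */
    char *out = malloc(prefix + tail_bytes + 1); /* +1 for the NUL */
    if (!out) return NULL;
    memcpy(out, title, prefix);
    memcpy(out + prefix, tail, tail_bytes + 1);  /* copies the NUL as well */
    return out;
}

int main(void)
{
    char *s = shorten_title("A constructed, rather long page title", 10);
    if (s)
        printf("%s (%zu bytes with NUL)\n", s, strlen(s) + 1);
    free(s);
    return 0;
}
```

For a four-byte prefix the one-byte budget gives 6 bytes while the shortened string needs 8, so a writer using that budget would run two bytes past the allocation.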