** Description changed:

Impact
------
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

Testing Done
------------
I completed a build and install test. After installing, I was able to watch a video on YouTube (I needed to install gstreamer1.0-plugins-bad first). I was able to use Reader Mode on a blog site. And I was able to load https://ubuntu.com/ normally.

I was unable to trigger a crash using a webpage with a long title set, but that doesn't mean the bug still couldn't be exploitable under the right conditions.

Sponsoring
----------
I am attaching a debdiff. Alternatively you could build from our VCS:

gbp clone https://salsa.debian.org/gnome-team/epiphany-browser
git checkout ubuntu/jammy
gbp buildpackage --git-builder="debuild -S -nc"

That will create the source package you can upload to your PPA.

Please upload the fix for 20.04 LTS at the same time. For simplicity, I only attached that debdiff at LP: #1955362 (which has other security fixes already fixed for 22.04 LTS).
+
+ The Ubuntu Release Team requests coordination before making any jammy-security releases this week while Ubuntu 22.04.1 LTS is prepared. However, epiphany-browser is not seeded in any Ubuntu flavor.
+ https://lists.ubuntu.com/archives/ubuntu-devel/2022-July/042227.html

--
You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to epiphany-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1969851

Title:
  CVE-2022-29536 epiphany
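
The size miscalculation described under Impact, as an added illustration (not Epiphany's code and not part of the original notification): a title shortened to N characters plus an ellipsis needs three bytes for U+2026, not one. The names `shorten_title`, `size_counting_chars` and `size_counting_bytes` are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define ELLIPSIS "\xE2\x80\xA6"   /* U+2026: one character, three bytes */

/* Byte offset of the n-th character; continuation bytes look like 10xxxxxx. */
static size_t utf8_offset(const char *s, size_t n_chars)
{
    size_t i = 0;
    while (s[i] != '\0' && n_chars > 0) {
        i++;
        while (((unsigned char)s[i] & 0xC0) == 0x80)
            i++;
        n_chars--;
    }
    return i;
}

/* Number of characters (not bytes) in a UTF-8 string. */
static size_t utf8_length(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        if (((unsigned char)*s & 0xC0) != 0x80)
            n++;
    return n;
}

/* Buffer size if the ellipsis is budgeted as one byte (the flawed count). */
size_t size_counting_chars(const char *s, size_t target) { return utf8_offset(s, target - 1) + 1 + 1; }

/* Buffer size actually required: kept bytes + ellipsis bytes + NUL. */
size_t size_counting_bytes(const char *s, size_t target) { return utf8_offset(s, target - 1) + strlen(ELLIPSIS) + 1; }

/* Returns a new string of at most `target` characters, ending in an
 * ellipsis when shortened. Caller frees. NULL on target == 0 or OOM. */
char *shorten_title(const char *s, size_t target)
{
    if (target == 0) return NULL;
    int fits = utf8_length(s) <= target;
    size_t keep = fits ? strlen(s) : utf8_offset(s, target - 1);
    size_t tail = fits ? 0 : strlen(ELLIPSIS);
    char *out = malloc(keep + tail + 1);   /* sized in bytes, not characters */
    if (out == NULL) return NULL;
    memcpy(out, s, keep);
    memcpy(out + keep, ELLIPSIS, tail);
    out[keep + tail] = '\0';
    return out;
}
```

The two-byte gap between the two size functions is the overflow: the shortened string with its terminator needs exactly what `size_counting_bytes` reports.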
