** Description changed:
Impact
-----
- For Ubuntu 22.04 LTS, we should just take epiphany 42.2
- For Ubuntu 21.10, look into taking epiphany 41.4
+ In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can
trigger a client buffer overflow (in ephy_string_shorten in the UI process) via
a long page title. The issue occurs because the number of bytes for a UTF-8
ellipsis character is not properly considered.
+
+ Testing Done
+ ------------
+ I completed a build and install test.
+
+ After installing, I was able to watch a video on YouTube (I needed to
+ install gstreamer1.0-plugins-bad first).
+
+ I was able to use Reader Mode on a blog site.
+
+ And I was able to load https://ubuntu.com/ normally.
+
+ I was unable to trigger a crash using a webpage with a long title set,
+ but that doesn't mean the bug still couldn't be exploitable under the
+ right conditions.
+
+ Sponsoring
+ ----------
+ I am attaching a debdiff. Alternatively you could build from our VCS:
+
+ gbp clone https://salsa.debian.org/gnome-team/epiphany-browser
+ git checkout ubuntu/jammy
+ gbp buildpackage --git-builder="debuild -S -nc"
+ That will create the source package you can upload to your PPA
+
+ Please upload the fix for 20.04 LTS at the same time. For simplicity, I
+ only attached that debdiff at LP: #1955362 (which has other security
+ fixes already fixed for 22.04 LTS).
** Changed in: epiphany-browser (Ubuntu Focal)
Status: New => Confirmed
** Changed in: epiphany-browser (Ubuntu Jammy)
Status: New => Confirmed
** Patch added: "epiphany-jammy-lp1969851.debdiff"
https://bugs.launchpad.net/ubuntu/+source/epiphany-browser/+bug/1969851/+attachment/5606172/+files/epiphany-jammy-lp1969851.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to epiphany-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1969851
Title:
CVE-2022-29536 epiphany
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/epiphany-browser/+bug/1969851/+subscriptions
--
desktop-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
