[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
This bug was fixed in the package epiphany-browser - 3.28.5-0ubuntu1
---
epiphany-browser (3.28.5-0ubuntu1) bionic; urgency=medium
  * New bugfix version (lp: #1815602)
    - Fix CVE-2018-11396/CVE-2018-12016 (lp: #1773028)
  * debian/patches/disable-tests.patch: removed change in the new version
 -- Sebastien Bacher Tue, 28 May 2019 20:10:09 +0200
** Changed in: epiphany-browser (Ubuntu Bionic)
       Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to epiphany-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1773028
Title: CVE-2018-11396 epiphany crash fix
To manage notifications about this bug go to: https://bugs.launchpad.net/epiphany-browser/+bug/1773028/+subscriptions
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
Using 3.28.5-0ubuntu1 the URL from the testcase stops segfaulting the browser, SRU fix verified
** Description changed: - Impact + Impact -- The bug is a security issue https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11396 https://git.gnome.org/browse/epiphany/commit/?h=gnome-3-26&id=56a254bf https://security-tracker.debian.org/tracker/CVE-2018-11396 Test case -- - Try opening https://bug795740.bugzilla-attachments.gnome.org/attachment.cgi?id=371595 it shold segfault the browser + Try opening https://bug795740.bugzilla-attachments.gnome.org/attachment.cgi?id=371595 it should not segfault the browser Regression Potential Minimal fix cherry-pick upstream to gnome-3-28 and gnome-3-26 branches (corresponds with Ubuntu 17.10 and 18.04 LTS) Testing Done Visiting the proof of concept link from the GNOME bug still crashes epiphany.
** Tags removed: verification-needed verification-needed-bionic
** Tags added: verification-done verification-done-bionic
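Review bot: the unchanged "Testing Done" text at the end of this description change still reads "Visiting the proof of concept link from the GNOME bug still crashes epiphany", which contradicts the updated Test case line ("it should not segfault the browser") and the verification comment for 3.28.5-0ubuntu1 in the same message. Update "Testing Done" to record the package version tested and the observed result, so the description does not leave a reader unsure whether the fixed package still crashes.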
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
** Information type changed from Public to Public Security
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
Hello Jeremy, or anyone else affected,
Accepted epiphany-browser into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/epiphany-browser/3.28.5-0ubuntu1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.
Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.
** Tags added: verification-needed verification-needed-bionic
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
** Changed in: epiphany-browser (Ubuntu)
   Importance: Undecided => High
** Changed in: epiphany-browser (Ubuntu Bionic)
   Importance: Undecided => High
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
** Description changed: + Impact + -- + The bug is a security issue + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11396 https://git.gnome.org/browse/epiphany/commit/?h=gnome-3-26&id=56a254bf https://security-tracker.debian.org/tracker/CVE-2018-11396 + + Test case + -- + Try opening https://bug795740.bugzilla-attachments.gnome.org/attachment.cgi?id=371595 it shold segfault the browser Regression Potential Minimal fix cherry-pick upstream to gnome-3-28 and gnome-3-26 branches (corresponds with Ubuntu 17.10 and 18.04 LTS) Testing Done Visiting the proof of concept link from the GNOME bug still crashes epiphany.
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
** Changed in: epiphany-browser (Ubuntu Bionic)
     Assignee: Jeremy Bicha (jbicha) => (unassigned)
** Changed in: epiphany-browser (Ubuntu Bionic)
       Status: New => Fix Committed
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
** No longer affects: epiphany-browser (Ubuntu Artful)
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
This bug was fixed in the package epiphany-browser - 3.29.91-1ubuntu1
---
epiphany-browser (3.29.91-1ubuntu1) cosmic; urgency=medium
  * Sync with Debian (LP: #1773028). Remaining change:
    - Modify 07_bookmarks.patch:
      + Add Ubuntu-specific default bookmarks, borrowed from Firefox
epiphany-browser (3.29.91-1) experimental; urgency=medium
  * New upstream development release
    - This release drops support for NPAPI plugins
  * Drop recommends for libwebkit2gtk-4.0-37-gtk2 & browser-plugin-evince
    because NPAPI plugins aren't supported
  * Bump minimum libwebkit2gtk-4.0-dev to 2.21.5
  * Build-depend on libdazzle-1.0-dev
  * debian/epiphany-browser.docs: README renamed to README.md
  * Add Disable-webapps-test to avoid new failing test
epiphany-browser (3.28.3.1-1) unstable; urgency=medium
  * New upstream release (Closes: #901018)
    - Includes fixes for CVE-2018-11396 and CVE-2018-12016
  * Drop session-Fix-crash-when-JS-opens-an-invalid-URI.patch: Applied
 -- Jeremy Bicha Thu, 23 Aug 2018 15:36:40 -0400
** Changed in: epiphany-browser (Ubuntu)
       Status: Triaged => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12016
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
** Changed in: epiphany-browser
       Status: Confirmed => Fix Released
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
** Changed in: epiphany-browser
       Status: Fix Released => Confirmed
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
** Changed in: epiphany-browser (Ubuntu)
     Assignee: (unassigned) => Jeremy Bicha (jbicha)
** Changed in: epiphany-browser (Ubuntu Artful)
     Assignee: (unassigned) => Jeremy Bicha (jbicha)
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
** Changed in: epiphany-browser (Ubuntu Bionic)
     Assignee: (unassigned) => Jeremy Bicha (jbicha)
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
** Changed in: epiphany-browser
       Status: Unknown => Fix Released
** Changed in: epiphany-browser
   Importance: Unknown => Critical
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
** Changed in: epiphany-browser (Debian)
       Status: Unknown => Fix Released
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
** Description changed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11396 https://git.gnome.org/browse/epiphany/commit/?h=gnome-3-26&id=56a254bf https://security-tracker.debian.org/tracker/CVE-2018-11396 Regression Potential Minimal fix cherry-pick upstream to gnome-3-28 and gnome-3-26 branches (corresponds with Ubuntu 17.10 and 18.04 LTS) Testing Done - pending + Visiting the proof of concept link from the GNOME bug still crashes epiphany.
** Changed in: epiphany-browser (Ubuntu)
       Status: Fix Released => Triaged
** Bug watch added: GNOME Bug Tracker #795740
   https://bugzilla.gnome.org/show_bug.cgi?id=795740
** Also affects: epiphany-browser via
   https://bugzilla.gnome.org/show_bug.cgi?id=795740
   Importance: Unknown
       Status: Unknown
** Bug watch added: Debian Bug tracker #899409
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899409
** Also affects: epiphany-browser (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899409
   Importance: Unknown
       Status: Unknown
[Bug 1773028] Re: CVE-2018-11396 epiphany crash fix
This bug was fixed in the package epiphany-browser - 3.28.2.1-1ubuntu1
---
epiphany-browser (3.28.2.1-1ubuntu1) cosmic; urgency=medium
  * Sync with Debian (LP: #1773028). Remaining change:
    - Modify 07_bookmarks.patch:
      + Add Ubuntu-specific default bookmarks, borrowed from Firefox
epiphany-browser (3.28.2.1-1) unstable; urgency=medium
  * New upstream release (LP: #1773026)
  * Drop disable-tests.patch: Applied in new release
  * Add session-Fix-crash-when-JS-opens-an-invalid-URI.patch:
    Cherry-pick patch to fix CVE-2018-11396 (Closes: #899409)
 -- Jeremy Bicha Wed, 23 May 2018 18:25:13 -0400
** Changed in: epiphany-browser (Ubuntu)
       Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11396