epiphany-browser: CVE-2018-12016

Related Vulnerabilities: CVE-2018-12016, CVE-2018-11396

Debian Bug report logs - #901018


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 8 Jun 2018 04:03:01 UTC

Severity: normal

Tags: security, upstream

Found in version epiphany-browser/3.28.2.1-1

Fixed in version epiphany-browser/3.28.3.1-1

Done: Jeremy Bicha <jbicha@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#901018; Package src:epiphany-browser. (Fri, 08 Jun 2018 04:03:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Fri, 08 Jun 2018 04:03:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: epiphany-browser: CVE-2018-12016
Date: Fri, 08 Jun 2018 05:58:21 +0200
Source: epiphany-browser
Version: 3.28.2.1-1
Severity: normal
Tags: security upstream

Hi,

The following vulnerability was published for epiphany-browser,
filing it for tracking purposes. AFAIK there is no report upstream on
it.

CVE-2018-12016[0]:
| libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows
| remote attackers to cause a denial of service (application crash) via
| certain window.open and document.write calls.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-12016
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12016

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Jeremy Bicha <jbicha@debian.org>:
You have taken responsibility. (Thu, 23 Aug 2018 19:21:16 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 23 Aug 2018 19:21:16 GMT)


Message #10 received at 901018-close@bugs.debian.org:

From: Jeremy Bicha <jbicha@debian.org>
To: 901018-close@bugs.debian.org
Subject: Bug#901018: fixed in epiphany-browser 3.28.3.1-1
Date: Thu, 23 Aug 2018 19:19:30 +0000
Source: epiphany-browser
Source-Version: 3.28.3.1-1

We believe that the bug you reported is fixed in the latest version of
epiphany-browser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 901018@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Bicha <jbicha@debian.org> (supplier of updated epiphany-browser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 23 Aug 2018 15:01:46 -0400
Source: epiphany-browser
Binary: epiphany-browser epiphany-browser-data
Architecture: source
Version: 3.28.3.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Jeremy Bicha <jbicha@debian.org>
Description:
 epiphany-browser - Intuitive GNOME web browser
 epiphany-browser-data - Data files for the GNOME web browser
Closes: 901018
Changes:
 epiphany-browser (3.28.3.1-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #901018)
     - Includes fixes for CVE-2018-11396 and CVE-2018-12016
   * Drop session-Fix-crash-when-JS-opens-an-invalid-URI.patch: Applied

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 03 Oct 2018 07:26:41 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:25:33 2019; Machine Name: beach
