-------------------------------------------------------------------------
Debian LTS Advisory DLA-3423-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
May 15, 2023                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : epiphany-browser
Version        : 3.32.1.2-3~deb10u3
CVE ID         : CVE-2023-26081
Debian Bug     : 1031727

It was discovered that there was a potential credential stealing attack
in epiphany-browser, the default GNOME web browser.

When using a sandboxed Content Security Policy (CSP) or the HTML "iframe"
tag, the sandboxed web content was trusted by the main/surrounding
resource. After this change, however, the password manager is disabled
entirely in these situations, so that the untrusted web content cannot
exfiltrate passwords.

For Debian 10 buster, this problem has been fixed in version
3.32.1.2-3~deb10u3.

We recommend that you upgrade your epiphany-browser packages.

For the detailed security status of epiphany-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/epiphany-browser

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS