Your message dated Tue, 10 Jun 2025 16:19:21 +0000
with message-id <[email protected]>
and subject line Bug#1104635: fixed in ublock-origin 1.62.0+dfsg-2
has caused the Debian Bug report #1104635,
regarding ublock-origin: CVE-2025-4215
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1104635: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104635
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ublock-origin
Version: 1.62.0+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for ublock-origin.
CVE-2025-4215[0]:
| A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16.
| It has been classified as problematic. Affected is the function
| currentStateChanged of the file src/js/1p-filters.js of the
| component UI. The manipulation leads to inefficient regular
| expression complexity. It is possible to launch the attack remotely.
| The complexity of an attack is rather high. The exploitability is
| told to be difficult. The exploit has been disclosed to the public
| and may be used. Upgrading to version 1.63.3b17 is able to address
| this issue. The patch is identified as
| eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c. It is recommended to
| upgrade the affected component.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-4215
https://www.cve.org/CVERecord?id=CVE-2025-4215
[1] https://github.com/gorhill/uBlock/commit/eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ublock-origin
Source-Version: 1.62.0+dfsg-2
Done: Markus Koschany <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ublock-origin, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated ublock-origin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 10 Jun 2025 17:49:10 +0200
Source: ublock-origin
Architecture: source
Version: 1.62.0+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Mozilla Extension Maintainers <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Closes: 1104635
Changes:
ublock-origin (1.62.0+dfsg-2) unstable; urgency=medium
.
* Fix CVE-2025-4215:
A remote attacker could abuse an inefficient regular expression in
ublock-origin's filters to cause a denial-of-service and freeze a web
browser. (Closes: #1104635)
--- End Message ---