This bug was fixed in the package epiphany-browser - 42.1-1ubuntu1
---
epiphany-browser (42.1-1ubuntu1) jammy-security; urgency=medium
* SECURITY UPDATE: Fix memory corruption in ephy_string_shorten()
- CVE-2022-29536 (LP: #1969851)
-- Jeremy Bicha Sun, 31 Jul 2022 15:53:30
This bug was fixed in the package epiphany-browser - 3.36.4-0ubuntu2
---
epiphany-browser (3.36.4-0ubuntu2) focal-security; urgency=medium
* SECURITY UPDATE: Fix memory corruption in ephy_string_shorten()
- CVE-2022-29536 (LP: #1969851)
* SECURITY UPDATE: Multiple XSS issues
I installed epiphany-browser 42.1-1ubuntu1 from the proposed PPA onto
Ubuntu 22.04.1 LTS (release candidate).
After installing, I was able to watch a video on YouTube (I needed to
install gstreamer1.0-plugins-bad first).
I was able to use Reader Mode on a blog site.
And I was able to load
ACK on the debdiff in comment #2. It is building in the security team
PPA here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
Once it has finished building, please test it and detail the testing
performed in this bug, and we will release it as a security update.
** Description changed:
Impact
-
- For Ubuntu 22.04 LTS, we should just take epiphany 42.2
- For Ubuntu 21.10, look into taking epiphany 41.4
+ In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can
trigger a client buffer overflow (in ephy_string_shorten in the UI
** Description changed:
Impact
-
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can
trigger a client buffer overflow (in ephy_string_shorten in the UI process) via
a long page title. The issue occurs because the number of bytes for a UTF-8
ellipsis character is
** No longer affects: epiphany-browser (Ubuntu Impish)
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to epiphany-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1969851
Title:
CVE-2022-29536 epiphany
To manage notifications
This bug was fixed in the package epiphany-browser - 42.2-1
---
epiphany-browser (42.2-1) unstable; urgency=high
* New upstream release
- Includes fix for CVE-2022-29536 (Closes: #1009959) (LP: #1969851)
-- Jeremy Bicha Thu, 21 Apr 2022 17:01:00 -0400
** Changed in:
** Also affects: epiphany-browser (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: epiphany-browser (Ubuntu Impish)
Importance: Undecided
Status: New
** Also affects: epiphany-browser (Ubuntu Jammy)
Importance: Undecided
Status: New