[Git][security-tracker-team/security-tracker][master] Remove tracking of src:epiphany-browser for CVE-2019-6251

Salvatore Bonaccorso carnil at debian.org
Wed Apr 17 07:56:16 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c111845 by Salvatore Bonaccorso at 2019-04-17T06:54:35Z
Remove tracking of src:epiphany-browser for CVE-2019-6251

The issue is in webkit2gtk and was adressed there[1]. Updated
description to "WebKitGTK and WPE WebKit prior to version 2.24.1 are
vulnerable to address bar spoofing upon certain JavaScript redirections.
An attacker could cause malicious web content to be displayed as if for
a trusted URI."

 [1] https://gitlab.gnome.org/GNOME/epiphany/issues/532

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12893,8 +12893,6 @@ CVE-2019-6253
 CVE-2019-6252
 	RESERVED
 CVE-2019-6251 (embed/ephy-web-view.c in GNOME Web (aka Epiphany) through 3.31.4 allow ...)
-	- epiphany-browser <unfixed>
-	[jessie] - epiphany-browser <not-affected> (spoof.html does not change address bar)
 	- webkit2gtk 2.24.1-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c111845d14aefa1ccbc019b3badd75db3f7f011

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c111845d14aefa1ccbc019b3badd75db3f7f011
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190417/517eeec1/attachment.html>


More information about the debian-security-tracker-commits mailing list