Bug#899409: epiphany-browser: CVE-2018-11396
Salvatore Bonaccorso
carnil at debian.org
Wed May 23 21:48:50 BST 2018
Source: epiphany-browser
Version: 3.28.1-1
Severity: normal
Tags: security upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=795740
Hi,
The following vulnerability was published for epiphany-browser.
CVE-2018-11396[0]:
| ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through
| 3.28.2.1 allows remote attackers to cause a denial of service
| (application crash) via JavaScript code that triggers access to a NULL
| URL, as demonstrated by a crafted window.open call.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-11396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11396
[1] https://bugzilla.gnome.org/show_bug.cgi?id=795740
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-gnome-maintainers
mailing list