Fedora has issued an advisory on April 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GLLDMY4JYDZTMZSCPSY23K5YW3SQYUR6/

The issue is fixed upstream in 41.4 and 42.2.
Status comment: (none) => Patch available from Fedora
Ubuntu has issued an advisory for this on August 10: https://ubuntu.com/security/notices/USN-5561-1
Debian has issued an advisory for this on August 16: https://www.debian.org/security/2022/dsa-5208
Suggested advisory:
========================

The updated package fixes a security vulnerability:

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. (CVE-2022-29536)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29536
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GLLDMY4JYDZTMZSCPSY23K5YW3SQYUR6/
https://ubuntu.com/security/notices/USN-5561-1
https://www.debian.org/security/2022/dsa-5208
========================

Updated package in core/updates_testing:
========================
epiphany-3.38.2-1.2.mga8

from SRPM:
epiphany-3.38.2-1.2.mga8.src.rpm
CVE: (none) => CVE-2022-29536
Status comment: Patch available from Fedora => (none)
CC: (none) => nicolas.salguero
Assignee: gnome => qa-bugs
Status: NEW => ASSIGNED
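The sizing mistake described in the advisory text above, as an added example in plain C; it is not Epiphany's code and not part of this thread. The function names and sample titles are hypothetical, and the input is assumed to be valid UTF-8.

```c
#include <stdlib.h>
#include <string.h>

#define ELLIPSIS "\xE2\x80\xA6"               /* U+2026: one character, three bytes */
#define ELLIPSIS_BYTES (sizeof(ELLIPSIS) - 1)

/* Number of characters in s (assumed valid UTF-8): count non-continuation bytes. */
static size_t utf8_chars(const char *s)
{
    size_t n = 0;
    for (; *s; s++)
        n += ((unsigned char)*s & 0xC0) != 0x80;
    return n;
}

/* Byte offset of character number n, or strlen(s) if s has fewer characters. */
static size_t utf8_offset(const char *s, size_t n)
{
    size_t i = 0;
    for (; s[i] && n > 0; n--)
        do i++; while (((unsigned char)s[i] & 0xC0) == 0x80);
    return i;
}

/* Buffer size when the ellipsis is budgeted as one byte (the mistake described).
 * Precondition for both sizing helpers: target_chars >= 1. */
size_t undersized_alloc(const char *s, size_t target_chars)
{
    return utf8_offset(s, target_chars - 1) + 1 + 1;
}

/* Buffer size actually needed: prefix bytes + 3 ellipsis bytes + NUL. */
size_t required_alloc(const char *s, size_t target_chars)
{
    return utf8_offset(s, target_chars - 1) + ELLIPSIS_BYTES + 1;
}

/* Copy of s cut to at most target_chars characters; caller frees, NULL on error. */
char *shorten_title(const char *s, size_t target_chars)
{
    if (!s || target_chars == 0) return NULL;
    int cut = utf8_chars(s) > target_chars;
    size_t prefix = cut ? utf8_offset(s, target_chars - 1) : strlen(s);
    size_t tail = cut ? ELLIPSIS_BYTES : 0;
    char *out = malloc(prefix + tail + 1);
    if (!out) return NULL;
    memcpy(out, s, prefix);
    memcpy(out + prefix, ELLIPSIS, tail);
    out[prefix + tail] = '\0';
    return out;
}
```

For any title that gets shortened, `required_alloc` exceeds `undersized_alloc` by exactly two bytes, which is the amount written past the end when the ellipsis is counted as a single byte.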
GNOME on Vbox installed. Visited a few web-sites, seems to work as expected.
CC: (none) => brtians1
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 3.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0382.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED