Fedora has issued an advisory today (February 27): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/ The issue is fixed upstream in 43.1. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 43.1Whiteboard: (none) => MGA8TOO
Suggested advisory: ======================== The updated package fixes a security vulnerability: In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. (CVE-2023-26081) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26081 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/ ======================== Updated package in core/updates_testing: ======================== epiphany-3.38.2-1.3.mga8 from SRPM: epiphany-3.38.2-1.3.mga8.src.rpm
Source RPM: epiphany-43.0-1.mga9.src.rpm => epiphany-3.38.2-1.2.mga8.src.rpmVersion: Cauldron => 8Status comment: Fixed upstream in 43.1 => (none)Status: NEW => ASSIGNEDCVE: (none) => CVE-2023-26081Whiteboard: MGA8TOO => (none)Assignee: gnome => qa-bugsCC: (none) => nicolas.salguero
I don't normally use Gnome, but I do have a VirtualBox guest for just this purpose. No installation issues. Looked at a few web pages, played a Youtube video, no issues. This looks OK to me. Validating. Advisory in Comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugsWhiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0099.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED