Source: ublock-origin
Version: 1.62.0+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for ublock-origin.

CVE-2025-4215[0]:
| A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16.
| It has been classified as problematic. Affected is the function
| currentStateChanged of the file src/js/1p-filters.js of the
| component UI. The manipulation leads to inefficient regular
| expression complexity. It is possible to launch the attack remotely.
| The complexity of an attack is rather high. The exploitability is
| told to be difficult. The exploit has been disclosed to the public
| and may be used. Upgrading to version 1.63.3b17 is able to address
| this issue. The patch is identified as
| eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c. It is recommended to
| upgrade the affected component.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-4215
    https://www.cve.org/CVERecord?id=CVE-2025-4215
[1] https://github.com/gorhill/uBlock/commit/eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore