Using 3.28.5-0ubuntu1 the URL from the testcase stops segfaulting the browser, SRU fix verified
** Description changed: - Impact + Impact ------ The bug is a security issue https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11396 https://git.gnome.org/browse/epiphany/commit/?h=gnome-3-26&id=56a254bf https://security-tracker.debian.org/tracker/CVE-2018-11396 Test case ---------- - Try opening https://bug795740.bugzilla-attachments.gnome.org/attachment.cgi?id=371595 it shold segfault the browser + Try opening https://bug795740.bugzilla-attachments.gnome.org/attachment.cgi?id=371595 it should not segfault the browser Regression Potential -------------------- Minimal fix cherry-pick upstream to gnome-3-28 and gnome-3-26 branches (corresponds with Ubuntu 17.10 and 18.04 LTS) Testing Done ------------ Visiting the proof of concept link from the GNOME bug still crashes epiphany. ** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1773028 Title: CVE-2018-11396 epiphany crash fix To manage notifications about this bug go to: https://bugs.launchpad.net/epiphany-browser/+bug/1773028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
