[SECURITY] [DLA 3074-1] epiphany-browser security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3074-1] epiphany-browser security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 18 Aug 2022 09:54:52 +0200 (CEST)
Message-id: <[🔎] 20220818075452.B42EB2A0AE5@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3074-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
August 18, 2022                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : epiphany-browser
Version        : 3.32.1.2-3~deb10u2
CVE ID         : CVE-2021-45085 CVE-2021-45087 CVE-2021-45088 CVE-2022-29536
Debian Bug     : 1009959

Several issues were discovered in Epiphany, the GNOME web browser, allowing
XSS attacks by malicious websites, or memory corruption and application
crash by a page with a very long title.

For Debian 10 buster, these problems have been fixed in version
3.32.1.2-3~deb10u2.

We recommend that you upgrade your epiphany-browser packages.

For the detailed security status of epiphany-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/epiphany-browser

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmL98EgACgkQnUbEiOQ2
gwLu5hAAi8SYoVMrdq0Oor3U4wfQwWm4kTw/cyR3ceWdNP3Tpv7hpyQghMYODYH6
9aRdCxioGW2Fd/pdKdZ6FupDJ6TSbSl7BJ9mVlajjOHGWNl5bhi4cIH2DCTgaYsp
XaiQTzJ3aQQv5S4zkPq7OpuFDMmUTCOOY7qg/nWCHtiO/wDHQWgJkMmj0zqBOD88
csjsnQ9STs3Xr3BRezXYpbL9OkgHsuz9Sm8IPnJEwT+Y5gKLk3Fgw/77fMWyUMBt
zbtsgIH0aQJgngouYBH7FOXufDj8cwfetOuiX6HPFhdD3YLdCMhZt+Sb3AegOEZG
G6IZsUXU177KUIklJsNEZlyNBT+TXURvqmf6pJFfy2whKJoz6jJtm/P/p60eLos6
s+2H5Yi7VQ5ofCLAZQ7V9eX1LhmXjmxrjcoXGNUcJf0T1Gpe54ZRdMxhVyP4EQmZ
XxCY2TIepLCwm+obZseiqiz3mqXvsXq6UKbkt620CPtmtB/SXxFy2x3byN1Sh9rN
LvuDaF+4qgZ5Il9ejcV4OXB8cbtbhICR5vECr7+1mqnHEy8SgRUCSnYZJ3lMojO+
RopXIqaW5B8/jP7Htw3efDjbCVV/xpEJxQezJuRI/hk6M67V5gHevx9xoz+L0mHQ
g6sTtCHRGpXUo2/cYjsQ7QbjQylPFMSMPD3HtrbdcrWReRfQOl0=
=h+m9
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3073-1] webkit2gtk security update
Next by Date: [SECURITY] [DLA 3075-1] schroot security update
Previous by thread: [SECURITY] [DLA 3073-1] webkit2gtk security update
Next by thread: [SECURITY] [DLA 3075-1] schroot security update
Index(es):
- Date
- Thread