OESA-2022-1627
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1627
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2022-1627.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2022-1627
- Upstream
- Published
- 2022-05-11T11:03:43Z
- Modified
- 2025-08-12T05:10:48.560623Z
- Summary
- epiphany security update
- Details
-
Epiphany is the web browser for the GNOME desktop. Its goal is to be simple and easy to use. Epiphany ties together many GNOME components in order to let you focus on the Web content, instead of the browser application.
Security Fix(es):
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.(CVE-2021-45085)
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server s suggestedfilename is used as the pdfname value in PDF.js.(CVE-2021-45086)
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.(CVE-2021-45087)
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.(CVE-2021-45088)
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephystringshorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.(CVE-2022-29536)
- Database specific
{ "severity": "High" }- References
-
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1627
- https://nvd.nist.gov/vuln/detail/CVE-2021-45085
- https://nvd.nist.gov/vuln/detail/CVE-2021-45086
- https://nvd.nist.gov/vuln/detail/CVE-2021-45087
- https://nvd.nist.gov/vuln/detail/CVE-2021-45088
- https://nvd.nist.gov/vuln/detail/CVE-2022-29536
Affected packages
openEuler:22.03-LTS / epiphany
Package
- Name
- epiphany
- Purl
- pkg:rpm/openEuler/epiphany&distro=openEuler-22.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed40.6-1.oe2203
Ecosystem specific
{
"src": [
"epiphany-40.6-1.oe2203.src.rpm"
],
"x86_64": [
"epiphany-40.6-1.oe2203.x86_64.rpm",
"epiphany-debuginfo-40.6-1.oe2203.x86_64.rpm",
"epiphany-debugsource-40.6-1.oe2203.x86_64.rpm",
"epiphany-runtime-40.6-1.oe2203.x86_64.rpm"
],
"aarch64": [
"epiphany-40.6-1.oe2203.aarch64.rpm",
"epiphany-debuginfo-40.6-1.oe2203.aarch64.rpm",
"epiphany-debugsource-40.6-1.oe2203.aarch64.rpm",
"epiphany-runtime-40.6-1.oe2203.aarch64.rpm"
]
}