{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"epiphany security update", "category":"general", "title":"Synopsis" }, { "text":"An update for epiphany is now available for openEuler-22.03-LTS.", "category":"general", "title":"Summary" }, { "text":"Epiphany is the web browser for the GNOME desktop. Its goal is to be simple and easy to use. Epiphany ties together many GNOME components in order to let you focus on the Web content, instead of the browser application.\n\nSecurity Fix(es):\n\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.(CVE-2021-45085)\n\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server s suggested_filename is used as the pdf_name value in PDF.js.(CVE-2021-45086)\n\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.(CVE-2021-45087)\n\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.(CVE-2021-45088)\n\nIn GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.(CVE-2022-29536)", "category":"general", "title":"Description" }, { "text":"An update for epiphany is now available for openEuler-22.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"epiphany", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2022-1627", "category":"self", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1627" }, { "summary":"CVE-2021-45085", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2021-45085&packageName=epiphany" }, { "summary":"CVE-2021-45086", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2021-45086&packageName=epiphany" }, { "summary":"CVE-2021-45087", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2021-45087&packageName=epiphany" }, { "summary":"CVE-2021-45088", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2021-45088&packageName=epiphany" }, { "summary":"CVE-2022-29536", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2022-29536&packageName=epiphany" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45085" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45086" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45087" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45088" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29536" }, { "summary":"openEuler-SA-2022-1627 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2022/csaf-openeuler-sa-2022-1627.json" } ], "title":"An update for epiphany is now available for openEuler-22.03-LTS", "tracking":{ "initial_release_date":"2022-05-11T09:39:34+08:00", "revision_history":[ { "date":"2022-05-11T09:39:34+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-10-31T09:39:34+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-10-31T09:39:34+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-10-31T09:39:34+08:00", "id":"openEuler-SA-2022-1627", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS" }, "product_id":"openEuler-22.03-LTS", "name":"openEuler-22.03-LTS" }, "name":"openEuler-22.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS" }, "product_id":"epiphany-40.6-1.oe2203.aarch64.rpm", "name":"epiphany-40.6-1.oe2203.aarch64.rpm" }, "name":"epiphany-40.6-1.oe2203.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS" }, "product_id":"epiphany-debuginfo-40.6-1.oe2203.aarch64.rpm", "name":"epiphany-debuginfo-40.6-1.oe2203.aarch64.rpm" }, "name":"epiphany-debuginfo-40.6-1.oe2203.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS" }, "product_id":"epiphany-debugsource-40.6-1.oe2203.aarch64.rpm", "name":"epiphany-debugsource-40.6-1.oe2203.aarch64.rpm" }, "name":"epiphany-debugsource-40.6-1.oe2203.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS" }, "product_id":"epiphany-runtime-40.6-1.oe2203.aarch64.rpm", "name":"epiphany-runtime-40.6-1.oe2203.aarch64.rpm" }, "name":"epiphany-runtime-40.6-1.oe2203.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS" }, "product_id":"epiphany-40.6-1.oe2203.src.rpm", "name":"epiphany-40.6-1.oe2203.src.rpm" }, "name":"epiphany-40.6-1.oe2203.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS" }, "product_id":"epiphany-40.6-1.oe2203.x86_64.rpm", "name":"epiphany-40.6-1.oe2203.x86_64.rpm" }, "name":"epiphany-40.6-1.oe2203.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS" }, "product_id":"epiphany-debuginfo-40.6-1.oe2203.x86_64.rpm", "name":"epiphany-debuginfo-40.6-1.oe2203.x86_64.rpm" }, "name":"epiphany-debuginfo-40.6-1.oe2203.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS" }, "product_id":"epiphany-debugsource-40.6-1.oe2203.x86_64.rpm", "name":"epiphany-debugsource-40.6-1.oe2203.x86_64.rpm" }, "name":"epiphany-debugsource-40.6-1.oe2203.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS" }, "product_id":"epiphany-runtime-40.6-1.oe2203.x86_64.rpm", "name":"epiphany-runtime-40.6-1.oe2203.x86_64.rpm" }, "name":"epiphany-runtime-40.6-1.oe2203.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS", "product_reference":"epiphany-40.6-1.oe2203.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "name":"epiphany-40.6-1.oe2203.aarch64 as a component of openEuler-22.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS", "product_reference":"epiphany-debuginfo-40.6-1.oe2203.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "name":"epiphany-debuginfo-40.6-1.oe2203.aarch64 as a component of openEuler-22.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS", "product_reference":"epiphany-debugsource-40.6-1.oe2203.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "name":"epiphany-debugsource-40.6-1.oe2203.aarch64 as a component of openEuler-22.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS", "product_reference":"epiphany-runtime-40.6-1.oe2203.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "name":"epiphany-runtime-40.6-1.oe2203.aarch64 as a component of openEuler-22.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS", "product_reference":"epiphany-40.6-1.oe2203.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "name":"epiphany-40.6-1.oe2203.src as a component of openEuler-22.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS", "product_reference":"epiphany-40.6-1.oe2203.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "name":"epiphany-40.6-1.oe2203.x86_64 as a component of openEuler-22.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS", "product_reference":"epiphany-debuginfo-40.6-1.oe2203.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "name":"epiphany-debuginfo-40.6-1.oe2203.x86_64 as a component of openEuler-22.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS", "product_reference":"epiphany-debugsource-40.6-1.oe2203.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "name":"epiphany-debugsource-40.6-1.oe2203.x86_64 as a component of openEuler-22.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS", "product_reference":"epiphany-runtime-40.6-1.oe2203.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64", "name":"epiphany-runtime-40.6-1.oe2203.x86_64 as a component of openEuler-22.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2021-45085", "notes":[ { "text":"XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ], "details":"epiphany security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1627" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2021-45085" }, { "cve":"CVE-2021-45086", "notes":[ { "text":"XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server s suggested_filename is used as the pdf_name value in PDF.js.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ], "details":"epiphany security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1627" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2021-45086" }, { "cve":"CVE-2021-45087", "notes":[ { "text":"XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ], "details":"epiphany security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1627" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2021-45087" }, { "cve":"CVE-2021-45088", "notes":[ { "text":"XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ], "details":"epiphany security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1627" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2021-45088" }, { "cve":"CVE-2022-29536", "notes":[ { "text":"In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ], "details":"epiphany security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1627" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.aarch64", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.src", "openEuler-22.03-LTS:epiphany-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debuginfo-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-debugsource-40.6-1.oe2203.x86_64", "openEuler-22.03-LTS:epiphany-runtime-40.6-1.oe2203.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2022-29536" } ] }