Still no CVE number...
Looks like upstream is unable to get CVE requests responded to in the future and are unhappy about it enough to not bother with CVE requesting anymore. All arches stable, moving to glsa?
GLSA Vote: No
@ Maintainer(s): Please cleanup and drop =www-client/epiphany-3.20.3!
Pushed 3.22 ~arch update to not be affected by this, and cleaned up both oldstable 3.20.3 and the vulnerable older 3.22.x (to avoid accidentally stabilizing it or something). So cleanup is done.
Tree is clean.