Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 658376 (CVE-2018-11396, CVE-2018-12016) - <www-client/epiphany-3.26.7: denial of service in ephy-session.c
Summary: <www-client/epiphany-3.26.7: denial of service in ephy-session.c
Alias: CVE-2018-11396, CVE-2018-12016
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bug795740.bugzilla-attachment...
Whiteboard: B3 [noglsa cve]
Depends on:
Reported: 2018-06-18 06:00 UTC by Florian Schuhmacher
Modified: 2018-11-24 22:24 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description Florian Schuhmacher 2018-06-18 06:00:55 UTC
A flaw was found in ephy-session.c in in GNOME Web (aka Epiphany) through allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted call.

Gentoo Security Scout
Florian Schuhmacher
Comment 1 Mart Raudsepp gentoo-dev 2018-08-05 08:19:04 UTC
Fix is backported to 3.26.7, I guess lets just use that instead of backporting to 3.24.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-06 22:21:20 UTC
x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2018-08-07 08:50:26 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 4 Larry the Git Cow gentoo-dev 2018-10-06 18:39:13 UTC
The bug has been referenced in the following commit(s):

commit 80954e9697477e00ac3c4734ac6cc2f5bc36c4ec
Author:     Mart Raudsepp <>
AuthorDate: 2018-10-06 18:38:58 +0000
Commit:     Mart Raudsepp <>
CommitDate: 2018-10-06 18:38:58 +0000

    www-client/epiphany: security cleanup
    Signed-off-by: Mart Raudsepp <>
    Package-Manager: Portage-2.3.49, Repoman-2.3.11

 www-client/epiphany/Manifest                       |  1 -
 www-client/epiphany/epiphany-3.24.5.ebuild         | 75 ----------------------
 .../files/epiphany-3.14.0-unittest-2.patch         | 45 -------------
 .../files/epiphany-3.16.0-unittest-1.patch         | 30 ---------
 4 files changed, 151 deletions(-)
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2018-11-24 22:24:53 UTC
tree is clean