Epiphany CVE-2021-45085, CVE-2021-45086, CVE-2021-45087, CVE-2021-45088

Hi distributors, several XSS vulnerabilities were found in Epiphany: CVE-2021-45085, CVE-2021-45086, CVE-2021-45087, CVE-2021-45088. See this issue report for details. These issues are fixed in Epiphany 41.1 and 40.4, but due to insufficient testing, reader mode is broken in those releases, so please skip ahead to 41.2 and 40.5.

I also backported fixes to the gnome-3-38 and gnome-3-36 branches to help distros that choose to backport patches. Older branches are vulnerable too.

6 Likes

Unfortunately I discovered another regression so I will need to release 41.3 and 40.6 releases soon. Will also backport fixes to gnome-3-38 and gnome-3-36. Sorry, distros…

Epiphany 41.3 and 40.6 are now available, as are backports for gnome-3-38 and gnome-3-36. Hopefully we are done here now. Apologies for the inconvenience.

Thanks for the fixes and for posting about it! It was pointed out to me that the version available on Flathub is still 41.0. Could it be updated?

Hmm… honestly, I’m not sure who is responsible for updating the flathub package. It seems to be done by different people each time.

I think I have permission so I will try to update it now, on a one-time basis. I hope somebody else is keeping track of which packages need updating generally…
