Bug 14064

Summary: [CVE21] epiphany 42.5 CVEs
Product: [ROSA-based products] ROSA Fresh Reporter: Vladimir Potapov <v.potapov>
Component: Packages from MainAssignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: blocker    
Priority: Highest CC: survolog
Version: AllFlags: v.potapov: secteam_verified?
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: CVE-2023-26081, CVE-2005-0238
Whiteboard:
Platform: --- ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Vladimir Potapov 2023-11-29 15:45:10 MSK 
https://nvd.nist.gov/vuln/detail/CVE-2023-26081 Base Score: 7.5 HIGH
https://nvd.nist.gov/vuln/detail/CVE-2005-0238 exploit!
Comment 1 Grigorev Andrey 2023-12-01 17:37:59 MSK 
(In reply to Vladimir Potapov from comment #0)
> https://nvd.nist.gov/vuln/detail/CVE-2023-26081 Base Score: 7.5 HIGH
> https://nvd.nist.gov/vuln/detail/CVE-2005-0238 exploit!

CVE-2023-26081 закрыт обновлением на 42.5: https://download.gnome.org/sources/epiphany/42/epiphany-42.5.news
https://bugzilla.rosalinux.ru/show_bug.cgi?id=14038

CVE-2005-0238 эксплойт не работает, сайт http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html является фейком.