Candidate: CVE-2017-1000025 PublicDate: 2017-07-17 13:18:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000025 http://www.openwall.com/lists/oss-security/2017/05/22 https://bugzilla.gnome.org/show_bug.cgi?id=752738 Description: GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. Ubuntu-Description: Notes: Bugs: Priority: medium Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH] Patches_epiphany: upstream_epiphany: needs-triage precise/esm_epiphany: DNE trusty_epiphany: ignored (reached end-of-life) trusty/esm_epiphany: DNE (trusty was needed) vivid/ubuntu-core_epiphany: DNE xenial_epiphany: ignored (end of standard support, was needed) yakkety_epiphany: ignored (reached end-of-life) zesty_epiphany: ignored (reached end-of-life) artful_epiphany: ignored (reached end-of-life) bionic_epiphany: needed cosmic_epiphany: ignored (reached end-of-life) disco_epiphany: ignored (reached end-of-life) eoan_epiphany: ignored (reached end-of-life) focal_epiphany: needed groovy_epiphany: ignored (reached end-of-life) hirsute_epiphany: ignored (reached end-of-life) impish_epiphany: needed jammy_epiphany: needed devel_epiphany: needed Patches_epiphany-browser: upstream_epiphany-browser: released (3.22.6-1) precise/esm_epiphany-browser: DNE trusty_epiphany-browser: ignored (reached end-of-life) trusty/esm_epiphany-browser: DNE (trusty was needed) xenial_epiphany-browser: ignored (end of standard support, was needed) bionic_epiphany-browser: not-affected (3.28.6-0ubuntu1) eoan_epiphany-browser: not-affected (3.28.6-0ubuntu1) focal_epiphany-browser: not-affected (3.28.6-0ubuntu1) groovy_epiphany-browser: not-affected (3.28.6-0ubuntu1) hirsute_epiphany-browser: not-affected (3.28.6-0ubuntu1) impish_epiphany-browser: not-affected (3.28.6-0ubuntu1) jammy_epiphany-browser: not-affected (3.28.6-0ubuntu1) devel_epiphany-browser: not-affected (3.28.6-0ubuntu1)