How easily can the security issue be deduced from the patch?
- I think fairly easily, if one is familiar with the messaging security
Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?
- I tried to be as vague as possible
Which older supported branches are affected by this flaw?
- Not sure how to answer
If not all supported branches, which bug introduced the flaw?
- The flaw was present from the start of GeckoView library
Do you have backports for the affected branches? If not, how different, hard to create, and risky will they be?
- Not sure how to answer
How likely is this patch to cause regressions; how much testing does it need?
This is a risky change as far as potential regressions go.
Bug 1756056 Comment 12 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
How easily can the security issue be deduced from the patch?
- I think fairly easily, if one is familiar with the messaging security
Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?
- I tried to be as vague as possible
Which older supported branches are affected by this flaw?
- Not sure how to answer
If not all supported branches, which bug introduced the flaw?
- The flaw was present from the start of GeckoView library
Do you have backports for the affected branches? If not, how different, hard to create, and risky will they be?
- Not sure how to answer
How likely is this patch to cause regressions; how much testing does it need?
- This is a risky change as far as potential regressions go.