Bug 1332953: Update libopus to 1.1.4 release
Status: RESOLVED FIXED (opened 6 years ago, closed 6 years ago)
Category: Core :: Audio/Video: Playback (defect, P1)
Target milestone: mozilla54
Version | Tracking | Status |
---|---|---|
firefox-esr45 | --- | unaffected |
firefox51 | --- | wontfix |
firefox52 | --- | wontfix |
firefox53 | --- | fixed |
firefox54 | --- | fixed |
People: Reporter: ionnv, Assigned: rillian
Attachments (1 file): 59 bytes, text/x-review-board-request; kinetik: review+; lizzard: approval-mozilla-aurora+
http://opus-codec.org/release/stable/2017/01/20/libopus-1_1_4.html
"This Opus 1.1.4 release fixes a single bug. A specially-crafted Opus packet could cause an integer wrap-around in the SILK LSF stabilization code. This would cause an out-of-bounds read 256 bytes before a constant table. In most circumstances, the consequences are harmless and the result is simply noise in the audio. This was reported as CVE-2017-0381. Contrary to that report, our own analysis shows that no remote code execution is possible. However, we are making this release as a precaution."
Ralph - feel like updating libopus?
Flags: needinfo?(giles)
Priority: -- → P1
Comment 3 • 6 years ago (mozreview-review)
Comment on attachment 8837264 [details] Bug 1332953 - Update libopus to 1.1.4. https://reviewboard.mozilla.org/r/112432/#review113860
Attachment #8837264 - Flags: review?(kinetik) → review+
Pushed by rgiles@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4b5f50f51228 Update libopus to 1.1.4. r=kinetik
Comment 5 • 6 years ago (Assignee)
Needinfo myself to nominate for aurora uplift.
Assignee: nobody → giles
Flags: needinfo?(giles)
Comment 6 • 6 years ago
Let's get this on Beta ahead of the next ESR as well.
status-firefox51: --- → wontfix
status-firefox52: --- → affected
status-firefox53: --- → affected
status-firefox54: --- → affected
status-firefox-esr45: --- → unaffected
Comment 7 • 6 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/4b5f50f51228
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
Comment 8 • 6 years ago
Too late for 52.
Comment 9 • 6 years ago
Whoops, lost track of this one. Ralph, can you please request Aurora approval on this still?
Flags: needinfo?(giles)
Comment 11 • 6 years ago (Assignee)
Comment on attachment 8837264 [details] Bug 1332953 - Update libopus to 1.1.4.
Approval Request Comment
[Feature/Bug causing the regression]: Opus/WebM audio playback.
[User impact if declined]: Firefox will be vulnerable to a minor CVE. We do not believe this is exploitable, but it is reassuring to ship the fix sooner.
[Is this code covered by automated tests?]: yes.
[Has the fix been verified in Nightly?]: yes.
[Needs manual test from QE? If yes, steps to reproduce]: No.
[List of other uplifts needed for the feature/fix]: None.
[Is the change risky?]: No.
[Why is the change risky/not risky?]: Change is a single line applying saturating instead of wrapping arithmetic, and that change is well tested in other applications. The only possible change of behaviour is better audio output for invalid files.
[String changes made/needed]: None
Attachment #8837264 - Flags: approval-mozilla-aurora?
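Added illustration, not libopus or Firefox code and not part of the bug thread: a simplified C model of the bug class named in the quoted release note and in the approval request above, showing a 16-bit wrap-around that yields a table index below zero and the saturating add that prevents it. The function names, the 129-entry table of 2-byte entries, the divide-by-256 indexing and the input values are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 129 /* assumed: 2-byte entries, valid indices 0..128 */

/* Keep only the low 16 bits, as a truncating store into int16_t does. */
static int16_t store_wrap16(int32_t x) {
    int32_t u = x & 0xFFFF;
    return (int16_t)(u >= 0x8000 ? u - 0x10000 : u);
}

/* Saturating 16-bit add: clamp to the int16_t range instead of wrapping. */
static int16_t add_sat16(int16_t a, int16_t b) {
    int32_t s = (int32_t)a + b;
    return (int16_t)(s > INT16_MAX ? INT16_MAX : s < INT16_MIN ? INT16_MIN : s);
}

/* Hypothetical pass: enforce v[i] >= v[i-1] + min_delta[i] on sorted Q15 values. */
static void enforce_spacing(int16_t *v, const int16_t *min_delta, int n, int saturate) {
    for (int i = 1; i < n; i++) {
        int32_t floor_val = saturate ? add_sat16(v[i - 1], min_delta[i])
                                     : (int32_t)v[i - 1] + min_delta[i];
        v[i] = store_wrap16(v[i] > floor_val ? v[i] : floor_val);
    }
}

/* Table index = floor(q15 / 256), written without shifting a negative value. */
static int table_index(int16_t q15) {
    int32_t x = q15;
    return (int)(x >= 0 ? x / 256 : -((255 - x) / 256));
}
static int index_in_bounds(int idx) { return idx >= 0 && idx < TABLE_LEN; }

/* Run the pass on constructed input; return the lowest table index it yields. */
static int min_index_after_pass(int saturate) {
    int16_t v[4] = { 32000, 32700, 32760, 32767 };       /* constructed, sorted */
    const int16_t min_delta[4] = { 250, 100, 100, 100 }; /* constructed */
    int lowest = TABLE_LEN;
    enforce_spacing(v, min_delta, 4, saturate);
    for (int i = 0; i < 4; i++)
        if (table_index(v[i]) < lowest) lowest = table_index(v[i]);
    return lowest;
}

int main(void) {
    int w = min_index_after_pass(0), s = min_index_after_pass(1);
    printf("wrapping:   index %d, in bounds: %d\n", w, index_in_bounds(w));
    printf("saturating: index %d, in bounds: %d\n", s, index_in_bounds(s));
    return 0;
}
```

With the assumed 2-byte entries, the wrapped index of -128 points 256 bytes before the start of the table, while the saturating variant keeps every index inside 0..128.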
Comment on attachment 8837264 [details] Bug 1332953 - Update libopus to 1.1.4. Shipping this more quickly sounds good to me. Let's uplift for aurora 53. Too late for 52 though.
Attachment #8837264 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 13 • 6 years ago (bugherder, uplift)
https://hg.mozilla.org/releases/mozilla-aurora/rev/f56e8387be84