Closed
Bug 1454692
(CVE-2018-5183)
Opened 7 years ago
Closed 7 years ago
Backport relevant post-m55 Skia security fixes to ESR52
Categories
(Core :: Graphics, defect, P1)
Core
Graphics
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
firefox-esr52 | 60+ | fixed |
firefox-esr60 | --- | unaffected |
firefox59 | --- | unaffected |
firefox60 | --- | unaffected |
firefox61 | --- | unaffected |
People
(Reporter: RyanVM, Assigned: lsalzman)
References
Details
(Keywords: sec-critical, Whiteboard: [adv-esr52.8+])
Attachments
(3 files)
2.28 KB,
patch
|
rhunt
:
review+
abillings
:
approval-mozilla-esr52+
|
Details | Diff | Splinter Review |
2.18 KB,
patch
|
rhunt
:
review+
abillings
:
approval-mozilla-esr52+
|
Details | Diff | Splinter Review |
1.27 KB,
patch
|
rhunt
:
review+
abillings
:
approval-mozilla-esr52+
|
Details | Diff | Splinter Review |
Per discussion with Milan and Dan today, we want to cherry-pick the relevant Skia security fixes which have landed upstream since the m55 release we're shipping in ESR52 rather than trying to do a wholesale uplift of m66. Dan is going to work on compiling a spreadsheet of the fixes in question.
Updated•7 years ago
|
Keywords: sec-critical
Updated•7 years ago
|
Group: gfx-core-security → core-security-release
Comment 1•7 years ago
|
||
Working on a spreadsheet of Chrome-shipped skia security fixes: https://docs.google.com/spreadsheets/d/1J6Ccvp2S3ftf1lzrzhiUUIGNIELG7-gj119q3pebPSI/edit#gid=0
Comment 2•7 years ago
|
||
We could still potentially uplift before the esr52 build next week. Should I hold back the 52.8esr build for these fixes (say, till Tuesday) or go ahead without them?
Flags: needinfo?(milan)
Flags: needinfo?(dveditz)
Assignee | ||
Comment 5•7 years ago
|
||
Backport of https://skia.googlesource.com/skia/+/fe266c2bce2b8ac4ef953f16c8e1a7801da9c57d%5E%21/#F0
Attachment #8971907 -
Flags: review?(rhunt)
Assignee | ||
Comment 6•7 years ago
|
||
https://skia.googlesource.com/skia/+/296de50b4c2e31f94b8c3fafae8fcd7bcfb00e0b%5E%21/#F0
Attachment #8971908 -
Flags: review?(rhunt)
Assignee | ||
Comment 7•7 years ago
|
||
https://skia.googlesource.com/skia/+/2917e0705e16e722e2ca82ff312ad0b88e0b89ec%5E%21/#F0
Attachment #8971909 -
Flags: review?(rhunt)
Assignee | ||
Comment 8•7 years ago
|
||
Okay, I went through the spreadsheet to determine which of the bugs affect us. It should only be these three, which I have put up patches for.
Updated•7 years ago
|
status-firefox-esr60:
--- → unaffected
Updated•7 years ago
|
Attachment #8971907 -
Flags: review?(rhunt) → review+
Updated•7 years ago
|
Attachment #8971908 -
Flags: review?(rhunt) → review+
Updated•7 years ago
|
Attachment #8971909 -
Flags: review?(rhunt) → review+
Assignee | ||
Comment 9•7 years ago
|
||
Comment on attachment 8971907 [details] [diff] [review] use SkSafeMath for buffer sizes Approval Request Comment [Feature/Bug causing the regression]: bug 1340627 [User impact if declined]: sec-high vulnerability [Is this code covered by automated tests?]: yes [Has the fix been verified in Nightly?]: yes [Needs manual test from QE? If yes, steps to reproduce]: no [List of other uplifts needed for the feature/fix]: [Is the change risky?]: no [Why is the change risky/not risky?]: Upstream security fix [String changes made/needed]: none
Attachment #8971907 -
Flags: approval-mozilla-beta?
Assignee | ||
Updated•7 years ago
|
Attachment #8971908 -
Flags: approval-mozilla-beta?
Assignee | ||
Updated•7 years ago
|
Attachment #8971909 -
Flags: approval-mozilla-esr52?
Assignee | ||
Comment 10•7 years ago
|
||
Comment on attachment 8971907 [details] [diff] [review] use SkSafeMath for buffer sizes Oops, wrong flag.
Attachment #8971907 -
Flags: approval-mozilla-beta? → approval-mozilla-esr52?
Assignee | ||
Comment 11•7 years ago
|
||
Comment on attachment 8971908 [details] [diff] [review] limit vertex counts in GPU hairline renderer Oops, wrong flag.
Attachment #8971908 -
Flags: approval-mozilla-beta? → approval-mozilla-esr52?
Assignee | ||
Updated•7 years ago
|
Attachment #8971907 -
Flags: sec-approval?
Assignee | ||
Updated•7 years ago
|
Attachment #8971908 -
Flags: sec-approval?
Assignee | ||
Updated•7 years ago
|
Attachment #8971909 -
Flags: sec-approval?
Comment 12•7 years ago
|
||
Comment on attachment 8971907 [details] [diff] [review] use SkSafeMath for buffer sizes sec-approval is only for trunk checkins. Giving esr52 approval.
Attachment #8971907 -
Flags: sec-approval?
Attachment #8971907 -
Flags: approval-mozilla-esr52?
Attachment #8971907 -
Flags: approval-mozilla-esr52+
Updated•7 years ago
|
Attachment #8971908 -
Flags: sec-approval?
Attachment #8971908 -
Flags: approval-mozilla-esr52?
Attachment #8971908 -
Flags: approval-mozilla-esr52+
Updated•7 years ago
|
Attachment #8971909 -
Flags: sec-approval?
Attachment #8971909 -
Flags: approval-mozilla-esr52?
Attachment #8971909 -
Flags: approval-mozilla-esr52+
Updated•7 years ago
|
Whiteboard: [adv-esr52.8+]
Reporter | ||
Comment 13•7 years ago
|
||
uplift |
https://hg.mozilla.org/releases/mozilla-esr52/rev/f729bf78fb3a
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Updated•7 years ago
|
Alias: CVE-2018-5183
Updated•5 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•