Closed
Bug 1454692
(CVE-2018-5183)
Opened 7 years ago
Closed 7 years ago
Backport relevant post-m55 Skia security fixes to ESR52
Categories
(Core :: Graphics, defect, P1)
Core
Graphics
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | 60+ | fixed |
| firefox-esr60 | --- | unaffected |
| firefox59 | --- | unaffected |
| firefox60 | --- | unaffected |
| firefox61 | --- | unaffected |
People
(Reporter: RyanVM, Assigned: lsalzman)
References
Details
(Keywords: sec-critical, Whiteboard: [adv-esr52.8+])
Attachments
(3 files)
|
2.28 KB,
patch
|
rhunt
:
review+
abillings
:
approval-mozilla-esr52+
|
Details | Diff | Splinter Review |
|
2.18 KB,
patch
|
rhunt
:
review+
abillings
:
approval-mozilla-esr52+
|
Details | Diff | Splinter Review |
|
1.27 KB,
patch
|
rhunt
:
review+
abillings
:
approval-mozilla-esr52+
|
Details | Diff | Splinter Review |
Per discussion with Milan and Dan today, we want to cherry-pick the relevant Skia security fixes which have landed upstream since the m55 release we're shipping in ESR52 rather than trying to do a wholesale uplift of m66.
Dan is going to work on compiling a spreadsheet of the fixes in question.
|
||
Updated•7 years ago
|
Keywords: sec-critical
|
|
||
Updated•7 years ago
|
Group: gfx-core-security → core-security-release
|
|
||
Comment 1•7 years ago
|
||
Working on a spreadsheet of Chrome-shipped skia security fixes:
https://docs.google.com/spreadsheets/d/1J6Ccvp2S3ftf1lzrzhiUUIGNIELG7-gj119q3pebPSI/edit#gid=0
|
||
Comment 2•7 years ago
|
||
We could still potentially uplift before the esr52 build next week.
Should I hold back the 52.8esr build for these fixes (say, till Tuesday) or go ahead without them?
Flags: needinfo?(milan)
Flags: needinfo?(dveditz)
|
Assignee | |
Comment 5•7 years ago
|
||
Attachment #8971907 -
Flags: review?(rhunt)
|
|
Assignee | |
Comment 6•7 years ago
|
||
Attachment #8971908 -
Flags: review?(rhunt)
|
|
Assignee | |
Comment 7•7 years ago
|
||
Attachment #8971909 -
Flags: review?(rhunt)
|
|
Assignee | |
Comment 8•7 years ago
|
||
Okay, I went through the spreadsheet to determine which of the bugs affect us. It should only be these three, which I have put up patches for.
|
||
Updated•7 years ago
|
status-firefox-esr60:
--- → unaffected
|
||
Updated•7 years ago
|
Attachment #8971907 -
Flags: review?(rhunt) → review+
|
|
||
Updated•7 years ago
|
Attachment #8971908 -
Flags: review?(rhunt) → review+
|
|
||
Updated•7 years ago
|
Attachment #8971909 -
Flags: review?(rhunt) → review+
|
|
Assignee | |
Comment 9•7 years ago
|
||
Comment on attachment 8971907 [details] [diff] [review]
use SkSafeMath for buffer sizes
Approval Request Comment
[Feature/Bug causing the regression]: bug 1340627
[User impact if declined]: sec-high vulnerability
[Is this code covered by automated tests?]: yes
[Has the fix been verified in Nightly?]: yes
[Needs manual test from QE? If yes, steps to reproduce]: no
[List of other uplifts needed for the feature/fix]:
[Is the change risky?]: no
[Why is the change risky/not risky?]: Upstream security fix
[String changes made/needed]: none
Attachment #8971907 -
Flags: approval-mozilla-beta?
|
|
Assignee | |
Updated•7 years ago
|
Attachment #8971908 -
Flags: approval-mozilla-beta?
|
|
Assignee | |
Updated•7 years ago
|
Attachment #8971909 -
Flags: approval-mozilla-esr52?
|
|
Assignee | |
Comment 10•7 years ago
|
||
Comment on attachment 8971907 [details] [diff] [review]
use SkSafeMath for buffer sizes
Oops, wrong flag.
Attachment #8971907 -
Flags: approval-mozilla-beta? → approval-mozilla-esr52?
|
|
Assignee | |
Comment 11•7 years ago
|
||
Comment on attachment 8971908 [details] [diff] [review]
limit vertex counts in GPU hairline renderer
Oops, wrong flag.
Attachment #8971908 -
Flags: approval-mozilla-beta? → approval-mozilla-esr52?
|
|
Assignee | |
Updated•7 years ago
|
Attachment #8971907 -
Flags: sec-approval?
|
|
Assignee | |
Updated•7 years ago
|
Attachment #8971908 -
Flags: sec-approval?
|
|
Assignee | |
Updated•7 years ago
|
Attachment #8971909 -
Flags: sec-approval?
|
||
Comment 12•7 years ago
|
||
Comment on attachment 8971907 [details] [diff] [review]
use SkSafeMath for buffer sizes
sec-approval is only for trunk checkins.
Giving esr52 approval.
Attachment #8971907 -
Flags: sec-approval?
Attachment #8971907 -
Flags: approval-mozilla-esr52?
Attachment #8971907 -
Flags: approval-mozilla-esr52+
|
|
||
Updated•7 years ago
|
Attachment #8971908 -
Flags: sec-approval?
Attachment #8971908 -
Flags: approval-mozilla-esr52?
Attachment #8971908 -
Flags: approval-mozilla-esr52+
|
|
||
Updated•7 years ago
|
Attachment #8971909 -
Flags: sec-approval?
Attachment #8971909 -
Flags: approval-mozilla-esr52?
Attachment #8971909 -
Flags: approval-mozilla-esr52+
|
|
||
Updated•7 years ago
|
Whiteboard: [adv-esr52.8+]
|
Reporter | |
Comment 13•7 years ago
|
||
| uplift | ||
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
|
|
||
Updated•7 years ago
|
Alias: CVE-2018-5183
|
|
||
Updated•5 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•