Closed
Bug 1454692
(CVE-2018-5183)
Opened 6 years ago
Closed 6 years ago
Backport relevant post-m55 Skia security fixes to ESR52
Categories
(Core :: Graphics, defect, P1)
Core
Graphics
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | 60+ | fixed |
| firefox-esr60 | --- | unaffected |
| firefox59 | --- | unaffected |
| firefox60 | --- | unaffected |
| firefox61 | --- | unaffected |
People
(Reporter: RyanVM, Assigned: lsalzman)
References
Details
(Keywords: sec-critical, Whiteboard: [adv-esr52.8+])
Attachments
(3 files)
|
2.28 KB,
patch
|
rhunt
:
review+
abillings
:
approval-mozilla-esr52+
|
Details | Diff | Splinter Review |
|
2.18 KB,
patch
|
rhunt
:
review+
abillings
:
approval-mozilla-esr52+
|
Details | Diff | Splinter Review |
|
1.27 KB,
patch
|
rhunt
:
review+
abillings
:
approval-mozilla-esr52+
|
Details | Diff | Splinter Review |
Per discussion with Milan and Dan today, we want to cherry-pick the relevant Skia security fixes which have landed upstream since the m55 release we're shipping in ESR52 rather than trying to do a wholesale uplift of m66. Dan is going to work on compiling a spreadsheet of the fixes in question.
|
||
Updated•6 years ago
|
Keywords: sec-critical
|
|
||
Updated•6 years ago
|
Group: gfx-core-security → core-security-release
|
|
||
Comment 1•6 years ago
|
||
Working on a spreadsheet of Chrome-shipped skia security fixes: https://docs.google.com/spreadsheets/d/1J6Ccvp2S3ftf1lzrzhiUUIGNIELG7-gj119q3pebPSI/edit#gid=0
|
||
Comment 2•6 years ago
|
||
We could still potentially uplift before the esr52 build next week. Should I hold back the 52.8esr build for these fixes (say, till Tuesday) or go ahead without them?
Flags: needinfo?(milan)
Flags: needinfo?(dveditz)
|
Assignee | |
Comment 5•6 years ago
|
||
Backport of https://skia.googlesource.com/skia/+/fe266c2bce2b8ac4ef953f16c8e1a7801da9c57d%5E%21/#F0
Attachment #8971907 -
Flags: review?(rhunt)
|
|
Assignee | |
Comment 6•6 years ago
|
||
https://skia.googlesource.com/skia/+/296de50b4c2e31f94b8c3fafae8fcd7bcfb00e0b%5E%21/#F0
Attachment #8971908 -
Flags: review?(rhunt)
|
|
Assignee | |
Comment 7•6 years ago
|
||
https://skia.googlesource.com/skia/+/2917e0705e16e722e2ca82ff312ad0b88e0b89ec%5E%21/#F0
Attachment #8971909 -
Flags: review?(rhunt)
|
|
Assignee | |
Comment 8•6 years ago
|
||
Okay, I went through the spreadsheet to determine which of the bugs affect us. It should only be these three, which I have put up patches for.
|
||
Updated•6 years ago
|
status-firefox-esr60:
--- → unaffected
|
||
Updated•6 years ago
|
Attachment #8971907 -
Flags: review?(rhunt) → review+
|
|
||
Updated•6 years ago
|
Attachment #8971908 -
Flags: review?(rhunt) → review+
|
|
||
Updated•6 years ago
|
Attachment #8971909 -
Flags: review?(rhunt) → review+
|
|
Assignee | |
Comment 9•6 years ago
|
||
Comment on attachment 8971907 [details] [diff] [review] use SkSafeMath for buffer sizes Approval Request Comment [Feature/Bug causing the regression]: bug 1340627 [User impact if declined]: sec-high vulnerability [Is this code covered by automated tests?]: yes [Has the fix been verified in Nightly?]: yes [Needs manual test from QE? If yes, steps to reproduce]: no [List of other uplifts needed for the feature/fix]: [Is the change risky?]: no [Why is the change risky/not risky?]: Upstream security fix [String changes made/needed]: none
Attachment #8971907 -
Flags: approval-mozilla-beta?
|
|
Assignee | |
Updated•6 years ago
|
Attachment #8971908 -
Flags: approval-mozilla-beta?
|
|
Assignee | |
Updated•6 years ago
|
Attachment #8971909 -
Flags: approval-mozilla-esr52?
|
|
Assignee | |
Comment 10•6 years ago
|
||
Comment on attachment 8971907 [details] [diff] [review] use SkSafeMath for buffer sizes Oops, wrong flag.
Attachment #8971907 -
Flags: approval-mozilla-beta? → approval-mozilla-esr52?
|
|
Assignee | |
Comment 11•6 years ago
|
||
Comment on attachment 8971908 [details] [diff] [review] limit vertex counts in GPU hairline renderer Oops, wrong flag.
Attachment #8971908 -
Flags: approval-mozilla-beta? → approval-mozilla-esr52?
|
|
Assignee | |
Updated•6 years ago
|
Attachment #8971907 -
Flags: sec-approval?
|
|
Assignee | |
Updated•6 years ago
|
Attachment #8971908 -
Flags: sec-approval?
|
|
Assignee | |
Updated•6 years ago
|
Attachment #8971909 -
Flags: sec-approval?
|
||
Comment 12•6 years ago
|
||
Comment on attachment 8971907 [details] [diff] [review] use SkSafeMath for buffer sizes sec-approval is only for trunk checkins. Giving esr52 approval.
Attachment #8971907 -
Flags: sec-approval?
Attachment #8971907 -
Flags: approval-mozilla-esr52?
Attachment #8971907 -
Flags: approval-mozilla-esr52+
|
|
||
Updated•6 years ago
|
Attachment #8971908 -
Flags: sec-approval?
Attachment #8971908 -
Flags: approval-mozilla-esr52?
Attachment #8971908 -
Flags: approval-mozilla-esr52+
|
|
||
Updated•6 years ago
|
Attachment #8971909 -
Flags: sec-approval?
Attachment #8971909 -
Flags: approval-mozilla-esr52?
Attachment #8971909 -
Flags: approval-mozilla-esr52+
|
|
||
Updated•6 years ago
|
Whiteboard: [adv-esr52.8+]
|
Reporter | |
Comment 13•6 years ago
|
||
| uplift | ||
https://hg.mozilla.org/releases/mozilla-esr52/rev/f729bf78fb3a
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
|
|
||
Updated•6 years ago
|
Alias: CVE-2018-5183
|
|
||
Updated•4 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•