Closed Bug 1795697 (CVE-2022-46871) Opened 1 year ago Closed 1 year ago

Update to latest libusrsctp

Categories

(Core :: WebRTC: Networking, task, P2)

task

Tracking

()

RESOLVED FIXED
108 Branch
Tracking Status
firefox-esr102 109+ fixed
firefox108 --- fixed

People

(Reporter: bwc, Assigned: bwc)

References

(Blocks 1 open bug)

Details

(Keywords: sec-high, Whiteboard: [adv-main108+][adv-esr102.7+])

Attachments

(3 files)

No description provided.
Assignee: nobody → docfaraday
Severity: -- → S2
Priority: -- → P2
See Also: → 1776143
Pushed by bcampen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1d383d85d648
Update libusrsctp. r=ng
https://hg.mozilla.org/integration/autoland/rev/1224847160b3
Update Tsan suppressions for libusrsctp, and add a stack unwind to help avoid reentrancy problems. r=decoder,ng
Blocks: 1791296
Duplicate of this bug: 1728616
Blocks: 1736224
Blocks: 1776143
See Also: 1776143
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 108 Branch
Whiteboard: [adv-main108+]
Attached file advisory.txt
Keywords: sec-high

Comment on attachment 9299067 [details]
Bug 1795697: Update Tsan suppressions for libusrsctp, and add a stack unwind to help avoid reentrancy problems. r?decoder,ng

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration:
  • User impact if declined:
  • Fix Landed on Version: 108
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Has already been on nightly for a while, seems to work fine.
Attachment #9299067 - Flags: approval-mozilla-esr102?
Attachment #9299064 - Flags: approval-mozilla-esr102?
Alias: CVE-2022-46871

Comment on attachment 9299064 [details]
Bug 1795697: Update libusrsctp. r?ng

Approved for 102.7esr.

Attachment #9299064 - Flags: approval-mozilla-esr102? → approval-mozilla-esr102+
Attachment #9299067 - Flags: approval-mozilla-esr102? → approval-mozilla-esr102+
Whiteboard: [adv-main108+] → [adv-main108+][adv-esr102.7+]
You need to log in before you can comment on or make changes to this bug.