Evaluate libpixman CVE-2022-44638 fix
Categories: Core :: Graphics, defect
People: Reporter: RyanVM, Assigned: RyanVM
Attachments: 1 file (48 bytes, text/x-phabricator-request), diannaS: approval-mozilla-esr102+

libpixman 0.42.2 was recently announced with a fix for CVE-2022-44638.
https://lists.freedesktop.org/archives/pixman/2022-November/004994.html
The actual fix looks pretty simple if it's something that impacts Firefox.
https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395
I'll put up a patch for that to get the ball rolling.
Comment 1 • 2 years ago (Assignee)
Backport of upstream commit:
https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395
Comment 2 • 2 years ago (Assignee)
Pushed by rvandermeulen@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/bac7456de5c6 Backport fix for libpixman CVE-2022-44638. r=jfkthame
Comment 4 • 2 years ago
bugherder
Comment 5 • 2 years ago
The patch landed in nightly and beta is affected.
:RyanVM, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set status-firefox107 to wontfix.
For more information, please visit auto_nag documentation.
Comment 6 • 2 years ago (Assignee)
AFAWCT, this isn't critical enough to warrant a late uplift this cycle. We'll uplift it to ESR next cycle just for completeness' sake, however.
Comment 7 • 2 years ago (Assignee)
Comment on attachment 9302587 [details]
Bug 1799748 - Backport fix for libpixman CVE-2022-44638. r=jfkthame
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: Backport of an upstream security fix
- User impact if declined: Not entirely clear how reachable this code actually is in Gecko, but the risk of the patch is basically zero so better safe than sorry
- Fix Landed on Version: 108
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky):
Comment 8 • 1 year ago
Comment on attachment 9302587 [details]
Bug 1799748 - Backport fix for libpixman CVE-2022-44638. r=jfkthame
Approved for 102.6esr
Comment 9 • 1 year ago
bugherder uplift