Push XSS fixes to AMO production

RESOLVED FIXED

Status

Infrastructure & Operations
WebOps: Other
--
critical
RESOLVED FIXED
10 years ago
5 years ago

People

(Reporter: laura, Assigned: oremj)

Tracking

({wsec-xss})

Details

(Reporter)

Description

10 years ago
Please patch production with the patch in 
https://bugzilla.mozilla.org/show_bug.cgi?id=434521

Updated

10 years ago
Assignee: server-ops → thardcastle

Comment 1

10 years ago
Production updated to revision 14567.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED

Comment 2

10 years ago
reopening for the revision
Group: infra
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Updated

10 years ago
Assignee: thardcastle → clouserw
Status: REOPENED → NEW

Comment 3

10 years ago
I mistakenly took 14567 to include the patch, but it just rechecked out the affected file from revision 13222. Awaiting the patch to svn still.
Wil - could you create a patch against current prod so we can patch this before
Thursday to close the XSS vuln until the 3.4.3 update?
Okay, so what we're asking for is the patch from bug 434521 applied to prod so we don't have 2 extra days of vulnerability between now and Thursday.
Reassigning for comment #5
Assignee: clouserw → oremj
(Assignee)

Comment 7

10 years ago
Done.
Status: NEW → RESOLVED
Last Resolved: 10 years ago10 years ago
Resolution: --- → FIXED
Adding keywords to bugs for metrics, no action required.  Sorry about bugmail spam.
Keywords: wsec-xss
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.