Closed Bug 545327 Opened 11 years ago Closed 11 years ago

Local patch to AMO for public security vulnerability

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

All
Other
task
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: fligtar, Assigned: fox2mike)

Attachments

(1 file)

Please apply this patch to AMO production to fix a publicly-disclosed security vulnerability with add-on installation:

https://bug544660.bugzilla.mozilla.org/attachment.cgi?id=425889

It's been tested by QA and the bug reporter.
Blocks: 544660
This js is compressed and minified on production, so there's nothing to patch.  We'll need to do a new build first.
I realized that patch wouldn't help in production JS, so Jeff is working on the patch to get the JS updated and uncached.
Severity: critical → major
I committed a new build as r62039.  The important changes are in site/app/config/revisions.php and /site/app/webroot/js/amo2009/amo2009.min.js, but it won't hurt anything to update the other changed files.
Severity: major → critical
Attached patch: security patch
Here's the patch without any of the binary file changes.
Assignee: server-ops → shyam
Patched

[root@mradm02 addons.mozilla.org-remora]# patch -p0 < 545327.patch 
patching file site/app/config/revisions.php
patching file site/app/webroot/css/amo2009/style.min.css
patching file site/app/webroot/js/amo2009/amo2009.min.js

and pushed live.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard