Change History (8)
comment:1 by , 5 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 5 years ago
follow-up: 4 comment:3 by , 5 years ago
Ken, looking at the security fixes section of the release notes for this, should I run a build on my i686 machine to make sure that the changes made for the image loader don't cause a regression?
comment:4 by , 5 years ago
Replying to renodr:
Ken, looking at the security fixes section of the release notes for this, should I run a build on my i686 machine to make sure that the changes made for the image loader don't cause a regression?
If you wish. But I don't think it is an urgent task.
comment:5 by , 5 years ago
| Priority: | normal → high |
|---|---|
| Type: | enhancement → defect |
Release notes now available. There are more security vulnerabilities fixed, the difference is that 68.6.1 only fixed those rated critical.
CVE-2020-6821 potential information disclosure from reading uninitialized memory using WebGL copyTexSubImage method, rated as high.
CVE-2020-6822 out of bounds write in GMPDecodeData when processing large images, rated as moderate.
CVE-2020-6825 memory safety bugs fixed, rated as high.
comment:6 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Changelog update to record that there are security fixes at r22970.
The tarball size is a lot smaller than 68.6.1.
Fixed at r22965, keeping open until the Release Notes are available but I will be very surprised if there are any more security fixes beyond those in 68.6.1.