Opened 6 years ago
Closed 6 years ago
#10557 closed defect (fixed)
firefox-59.0.1
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | high | Milestone: | 8.3 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
This was apparently announced on 16th March. It contains one security fix: CVE-2018-5146 An out of bounds memory write in libvorbis was reported through the Pwn2Own contest. (Also a similar flaw in libtremor which is used in android and arm platforms).
I'm not sure if this means we should just drop system vorbis from the 59.0 build, or whether we need 59.0.1.
Tinyurl gives me https://tinyurl.com/firefox-59-0-1
Change History (3)
comment:1 by , 6 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 6 years ago
Note:
See TracTickets
for help on using tickets.
I'm obviously behind the times - system vorbis and system theora are not mentioned in the build, and not linked by libxul.so which is the "master" library that pulls in lots of system and firefox libs. So, we do need this.