Opened 6 years ago

Closed 6 years ago

#10863 closed defect (fixed)


Reported by: ken@… Owned by: ken@…
Priority: high Milestone: 8.3
Component: BOOK Version: SVN
Severity: normal Keywords:


In today's security announcements at, Arch have updated to 60.0.2


A heap-based buffer overflow has been found in the Skia component of the Firefox browser before 60.0.2, when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off.


A remote attacker can execute arbitrary code via a crafted SVG file. - also fixed in 60.0.2ESR and 52.8.1 ESR

CVE-2018-6126 impact rated as high.

Change History (3)

comment:1 by ken@…, 6 years ago

Owner: changed from blfs-book to ken@…
Status: newassigned

Apart from the obvious change, minimum nss required version is 3.36.4 (release notes for that say it fixed a macOS problem) and some changes to apparently use PKCS12 - the release notes for nss-3.37.1 which is in the book include a PKCS12 bugfix, so we should be good to go. Currently building, the patches do apply.

comment:2 by ken@…, 6 years ago

Priority: normalhigh

comment:3 by ken@…, 6 years ago

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.