Opened 5 years ago
Closed 5 years ago
#12198 closed enhancement (fixed)
mozjs - fix CVE-2019-11707
| Reported by: | Xi Ruoyao | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 9.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Change History (7)
comment:1 by , 5 years ago
follow-up: 4 comment:2 by , 5 years ago
https://hg.mozilla.org/releases/mozilla-release/rev/ea5154beddff08b919697e3bed6f38cfe3a3d82f
Mozjs might not be affected by this.
comment:4 by , 5 years ago
Replying to renodr:
https://hg.mozilla.org/releases/mozilla-release/rev/ea5154beddff08b919697e3bed6f38cfe3a3d82f
Mozjs might not be affected by this.
This one: https://hg.mozilla.org/releases/mozilla-esr60/rev/560efdce1d072281398a98244e2ec43ab1f92186
comment:5 by , 5 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
This is now an 8.8/10 CRITICAL after rechecking the Red Hat Customer Access Portal site. I'm going to drop this in first... I'm off to a late start today.
comment:6 by , 5 years ago
I'll add a caution to the book, but I'll drop it here too:
If you reinstall JS60 on a system running GNOME, it will crash and return to GDM. Irregardless of what you change when it comes to JS60 (version number or a patch), you'll need to rebuild gdm.
Thank you, Xi, for the warning about backing up before reinstallation :-)
As discussed on the lists, a patch is probably better suited for this one.