Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1557571
Summary: | Firefox 59.0.1 available: CVE-2018-5146: Out of bounds memory write in libvorbis | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | JayJayJazz <jayjayjazz> |
Component: | firefox | Assignee: | Gecko Maintainer <gecko-bugs-nobody> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | alexl, gecko-bugs-nobody, gmarr, jhorak, john.j5live, kengert, klember, pjasicek, rhughes, rstrode, sandmann, stransky |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | AcceptedFreezeException | ||
Fixed In Version: | firefox-59.0.1-1.fc28 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-03-26 22:29:19 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1469205 |
Description
JayJayJazz
2018-03-16 22:28:07 UTC
Proposing as a FE for Fedora 28 Beta, to avoid shipping beta with known security vulnerabilities in our default browser. Note that this may need matching NSS update pulled in through the freeze as well if accepted, not entirely sure. The update is here - https://bodhi.fedoraproject.org/updates/FEDORA-2018-3de9cb411f Discussed during the 2018-03-26 blocker review meeting: [1] The decision to classify this bug as an AcceptedFreezeException was made as it's obviously desirable to fix significant security issues in the default browser for most desktops for Beta. Note we have verified no nss/nspr update is required here. [1] https://meetbot.fedoraproject.org/fedora-blocker-review/2018-03-26/f28-blocker-review.2018-03-26-16.01.txt firefox-59.0.1-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-3de9cb411f firefox-59.0.1-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. |