New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 818177 link

Starred by 2 users
Status: Fixed
Owner:
philipel@chromium.org
Last visit > 30 days ago
Closed: Mar 2018
Cc:
gov...@chromium.org
anatolid@chromium.org
cma...@chromium.org
ssilkin@chromium.org
holmer@chromium.org
awhalley@chromium.org
ios-bugs-priority@chromium.org
mflodman@chromium.org
sprang@chromium.org
brandtr@chromium.org
ios-bugs@chromium.org
terelius@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , iOS , Chrome , Mac , Fuchsia
Pri: 1
Type: Bug-Security



Sign in to add a comment

Merge VP9 RTP fix to M65

Project Member Reported by philipel@chromium.org, Mar 2 2018 
A potential OoB access bug has been discovered and fixed (bugs.webrtc.org/8960). According to the webrtc security playbook this is of medium severity since it is an OoB read.

The fix (https://webrtc-review.googlesource.com/c/src/+/59180) is trivial and low risk.
Project Member

Comment 1 by sheriffbot@chromium.org, Mar 2 2018

Labels: -Merge-Request-65 Merge-Review-65 Hotlist-Merge-Review
This bug requires manual review: Less than 0 days to go before AppStore submit on M65
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 2 by gov...@chromium.org, Mar 2 2018

Cc: awhalley@chromium.org cma...@chromium.org
+ awhalley@ for M65 merge review
+ cmass@ as FYI

Comment 3 by awhalley@google.com, Mar 2 2018

Labels: -Type-Bug -Merge-Review-65 Merge-Rejected-65 Security_Severity-Medium Security_Impact-Stable M-66 Type-Bug-Security
Thanks for the heads up. We're OK picking this up in 66 at this point.

Comment 4 by kenrb@chromium.org, Mar 2 2018 

Should this bug be closed, then?

Comment 5 by awhalley@google.com, Mar 2 2018

Status: WontFix (was: Untriaged)
Good point :-)

Comment 6 by philipel@chromium.org, Mar 5 2018

Labels: Merge-Request-66
Status: Assigned (was: WontFix)
This change did not make it into the M66 cut, requesting merge.
Project Member

Comment 7 by sheriffbot@chromium.org, Mar 5 2018

Status: Fixed (was: Assigned)
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 8 by awhalley@google.com, Mar 5 2018 

abdulsyed@ - good for 66

Comment 9 by gov...@chromium.org, Mar 5 2018

Labels: -Merge-Request-66 Merge-Approved-66
Approving merge to M66 branch 3359 based on comment #8.

Comment 10 by gov...@chromium.org, Mar 5 2018 

Pls merge your change to M66 branch 3359 ASAP so we can pick it up for next M66 Dev release. Thank you.

Comment 11 by gov...@chromium.org, Mar 5 2018 

Pls merge your change to M66 branch 3359 ASAP so we can pick it up for next M66 Dev release. Thank you.

Comment 12 by holmer@chromium.org, Mar 6 2018

Cc: anatolid@chromium.org

Comment 13 by philipel@chromium.org, Mar 6 2018

Labels: -Merge-Approved-66 Merge-Merged
Merge landed: https://webrtc-review.googlesource.com/c/src/+/60141
Project Member

Comment 14 by sheriffbot@chromium.org, Mar 6 2018

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify

Comment 15 by gov...@chromium.org, Mar 6 2018

Labels: -Merge-Merged Merge-Merged-66

Comment 16 by awhalley@google.com, Apr 17 2018

Labels: Release-0-M66
Project Member

Comment 17 by sheriffbot@chromium.org, Jun 12 2018

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment