New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 818177 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Mar 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , iOS , Chrome , Mac , Fuchsia
Pri: 1
Type: Bug-Security



Sign in to add a comment

Merge VP9 RTP fix to M65

Project Member Reported by philipel@chromium.org, Mar 2 2018

Issue description

A potential OoB access bug has been discovered and fixed (bugs.webrtc.org/8960). According to the webrtc security playbook this is of medium severity since it is an OoB read.

The fix (https://webrtc-review.googlesource.com/c/src/+/59180) is trivial and low risk.
 
Project Member

Comment 1 by sheriffbot@chromium.org, Mar 2 2018

Labels: -Merge-Request-65 Merge-Review-65 Hotlist-Merge-Review
This bug requires manual review: Less than 0 days to go before AppStore submit on M65
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Cc: awhalley@chromium.org cma...@chromium.org
+ awhalley@ for M65 merge review
+ cmass@ as FYI
Labels: -Type-Bug -Merge-Review-65 Merge-Rejected-65 Security_Severity-Medium Security_Impact-Stable M-66 Type-Bug-Security
Thanks for the heads up. We're OK picking this up in 66 at this point.

Comment 4 by kenrb@chromium.org, Mar 2 2018

Should this bug be closed, then?
Status: WontFix (was: Untriaged)
Good point :-)
Labels: Merge-Request-66
Status: Assigned (was: WontFix)
This change did not make it into the M66 cut, requesting merge.
Project Member

Comment 7 by sheriffbot@chromium.org, Mar 5 2018

Status: Fixed (was: Assigned)
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
abdulsyed@ - good for 66
Labels: -Merge-Request-66 Merge-Approved-66
Approving merge to M66 branch 3359 based on comment #8.
Pls merge your change to M66 branch 3359 ASAP so we can pick it up for next M66 Dev release. Thank you.
Pls merge your change to M66 branch 3359 ASAP so we can pick it up for next M66 Dev release. Thank you.
Cc: anatolid@chromium.org
Labels: -Merge-Approved-66 Merge-Merged
Merge landed: https://webrtc-review.googlesource.com/c/src/+/60141
Project Member

Comment 14 by sheriffbot@chromium.org, Mar 6 2018

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Labels: -Merge-Merged Merge-Merged-66
Labels: Release-0-M66
Project Member

Comment 17 by sheriffbot@chromium.org, Jun 12 2018

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment