Opened 3 weeks ago

Closed 3 weeks ago

Last modified 3 weeks ago

#25973 closed enhancement (fixed)

Backport off-by-one fix in 1352073

Reported by: gk
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: GeorgKoppen201804, TorBrowserTeam201804R
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

As a defense in depth we should backport the off-by-one error fix in https://bugzilla.mozilla.org/show_bug.cgi?id=1352073.


Change History (8)

comment:1 Changed 3 weeks ago by gk

Keywords: TorBrowserTeam201804R added; TorBrowserTeam201804 removed
Status: new → needs_review

comment:2 Changed 3 weeks ago by mcs

r=brade, r=mcs

comment:3 Changed 3 weeks ago by gk

Resolution: fixed
Status: needs_review → closed

Thanks. Cherry-picked onto tor-browser-52.7.3esr-7.5-1 (6d4dc3e0fc543ac39393ab474409406ad9552b96) and tor-browser-52.7.3esr-8.0-1 (833b057519dcd6c62ac3f16cff93b17311c6a4c4).

comment:4 Changed 3 weeks ago by gk

Keywords: tbb-backported added

comment:5 Changed 3 weeks ago by gk

Keywords: tbb-backported removed

comment:6 Changed 3 weeks ago by cypherpunks

Don't you feel something is wrong with backporting only now what was fixed in Firefox 54?

comment:7 in reply to: 6 Changed 3 weeks ago by gk

Replying to cypherpunks:

Don't you feel something is wrong with backporting only now what was fixed in Firefox 54?

Not necessarily, as a backport depends on a number of factors. In this particular case, though, yes, we could have tried harder to get the necessary info earlier to ship this defense-in-depth earlier to Tor Browser users.

comment:8 in reply to: 7 Changed 3 weeks ago by cypherpunks

Replying to gk:

Replying to cypherpunks:

Don't you feel something is wrong with backporting only now what was fixed in Firefox 54?

Not necessarily, as a backport depends on a number of factors. In this particular case, though, yes, we could have tried harder to get the necessary info earlier to ship this defense-in-depth earlier to Tor Browser users.

It is good practice to analyze every upstream release for possible backports, as Linux distros do. That would be the case for the Android version anyway.
