Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 406ae3e8a9a8 from chromium #28813

Merged
merged 4 commits into from Apr 28, 2021
Merged

chore: cherry-pick 406ae3e8a9a8 from chromium #28813

merged 4 commits into from Apr 28, 2021

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Apr 23, 2021
edited

M86-LTS: Mojo: Properly validate broadcast events

This corrects broadcast event deserialization by adding a missing
validation step when decoding the outer message header.

(cherry picked from commit 6740adb28374ddeee13febfd5e5d20cb8a365979)

Fixed: 1195308
Change-Id: Ia67a20e48614e7ef00b1b32f7f4e5f20235be310
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2808678
Reviewed-by: Daniel Cheng dcheng@chromium.org
Commit-Queue: Ken Rockot rockot@google.com
Cr-Original-Commit-Position: refs/heads/master@{#870238}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2837712
Owners-Override: Achuith Bhandarkar achuith@chromium.org
Auto-Submit: Achuith Bhandarkar achuith@chromium.org
Reviewed-by: Artem Sumaneev asumaneev@google.com
Commit-Queue: Achuith Bhandarkar achuith@chromium.org
Cr-Commit-Position: refs/branch-heads/4240@{#1614}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}

Notes: Security: backported fix to CVE-2021-21223.

@ppontes ppontes requested a review from a team as a code owner April 23, 2021 20:06
@ppontes ppontes added 11-x-y backport-check-skip Skip trop's backport validity checking semver/patch backwards-compatible bug fixes labels Apr 23, 2021
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Apr 23, 2021
@ppontes ppontes force-pushed the cherry-pick/11-x-y/chromium/406ae3e8a9a8 branch from 633a4ec to 5ac67b1 Compare April 27, 2021 10:53
@MarshallOfSound MarshallOfSound merged commit a03607c into 11-x-y Apr 28, 2021
@release-clerk
Copy link

release-clerk bot commented Apr 28, 2021

Release Notes Persisted

Security: backported fix to CVE-2021-21223.

@MarshallOfSound MarshallOfSound deleted the cherry-pick/11-x-y/chromium/406ae3e8a9a8 branch April 28, 2021 07:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nornagon nornagon nornagon approved these changes

Assignees
No one assigned
Labels
11-x-y backport-check-skip Skip trop's backport validity checking semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@ppontes @nornagon @MarshallOfSound @electron-bot @jkleinsc