Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 1 changes from Release-2-M116 #39689

Merged
merged 2 commits into from Sep 5, 2023
Merged

chore: cherry-pick 1 changes from Release-2-M116 #39689

merged 2 commits into from Sep 5, 2023

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Aug 29, 2023

electron/security#399 - 35c06406a658 from chromium Handle object destruction in MediaStreamDeviceObserver

MSDO executes some callbacks that can result in the destruction of
MSDO upon an external event such as removing a media device or the
user revoking permission.
This CL adds code to detect this condition and prevent further
processing that would result in UAF. It also removes some invalid
DCHECKs.

Drive-by: minor style fixes

(cherry picked from commit 7337133682ab0404b753c563dde2ae2b1dc13171)

Bug: 1472492, b/296997707
Change-Id: I76f019bb110e7d9cca276444bc23a7e43114d2cc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4798398
Reviewed-by: Palak Agarwal agpalak@chromium.org
Commit-Queue: Guido Urdaneta guidou@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1186452}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4810035
Bot-Commit: Rubber Stamper rubber-stamper@appspot.gserviceaccount.com
Cr-Commit-Position: refs/branch-heads/5845@{#1586}
Cr-Branched-From: 5a5dff63a4a4c63b9b18589819bebb2566c85443-refs/heads/main@{#1160321}

Notes:

@ppontes ppontes requested a review from a team as a code owner August 29, 2023 21:42
@ppontes ppontes added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 22-x-y labels Aug 29, 2023
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Aug 29, 2023
@codebytere codebytere merged commit b58903d into 22-x-y Sep 5, 2023
13 checks passed
@codebytere codebytere deleted the cherry-pick/security/22-x-y/release-2-m116 branch September 5, 2023 08:16
@release-clerk
Copy link

release-clerk bot commented Sep 5, 2023

Release Notes Persisted

  • Security: backported fix for CVE-2023-4572.

richardo2016x added a commit to RabbyHub/RabbyDesktop that referenced this pull request Sep 29, 2023
@richardo2016x
feat: downgrade electron to v22 to avoid window manager issues on hig…
d925421 
…her version.

# security
sync fixes for heap buffer issues about webp

electron/electron#39689
https://github.com/electron/electron/releases/tag/v22.3.24
https://github.com/electron/electron/releases/tag/v22.3.25

electron/electron#40025
@richardo2016x richardo2016x mentioned this pull request Sep 29, 2023
Merged
richardo2016x added a commit to RabbyHub/RabbyDesktop that referenced this pull request Sep 29, 2023
@richardo2016x
feat: downgrade electron to v22 to avoid window manager issues on hig…
fe46f84 
…her version. (#566)

# security
sync fixes for heap buffer issues about webp

electron/electron#39689
https://github.com/electron/electron/releases/tag/v22.3.24
https://github.com/electron/electron/releases/tag/v22.3.25

electron/electron#40025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zcbenz zcbenz zcbenz approved these changes

Assignees
No one assigned
Labels
22-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ppontes @zcbenz @codebytere