Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 2 changes from Release-3-M119 #40647

Merged
merged 1 commit into from
Nov 30, 2023
Merged

chore: cherry-pick 2 changes from Release-3-M119 #40647

merged 1 commit into from
Nov 30, 2023

Conversation

VerteDinde
Copy link
Member

electron/security#432 - 971d6055e7b7 from openscreen [Cast Streaming] fix heap use-after-free

This patch fixes a use after free, caused by using an iterator
after it has been invalidated by a call to std::map::erase().

Bug: 1491210
Change-Id: I0c546eb6474af82f052b89e819a4886a004270f0
Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/4981212
Reviewed-by: Mark Foltz mfoltz@chromium.org
Commit-Queue: Jordan Bayles jophba@chromium.org
Reviewed-by: Muyao Xu muyaoxu@google.com

electron/security#432 - 6169a1fabae1 from skia Avoid combining extremely large meshes.

Bug: chromium:1505053
Change-Id: I42f2ff872bbf054686ec7af0cc85ff63055fcfbf
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/782936
Commit-Queue: Michael Ludwig michaelludwig@google.com
Reviewed-by: Michael Ludwig michaelludwig@google.com
Auto-Submit: John Stiles johnstiles@google.com

Notes:

  • Security: backported fix for 1491210.
  • Security: backported fix for CVE-2023-6345

@VerteDinde
chore: [28-x-y] cherry-pick 2 changes from Release-3-M119
27796f0 
* 971d6055e7b7 from openscreen
* 6169a1fabae1 from skia
@VerteDinde VerteDinde requested a review from a team as a code owner November 30, 2023 01:20
@electron-cation electron-cation bot added the new-pr 🌱 PR opened in the last 24 hours label Nov 30, 2023
@VerteDinde VerteDinde added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking labels Nov 30, 2023
@electron-cation electron-cation bot removed the new-pr 🌱 PR opened in the last 24 hours label Nov 30, 2023
@VerteDinde VerteDinde changed the title chore: [28-x-y] cherry-pick 2 changes from Release-3-M119 chore: cherry-pick 2 changes from Release-3-M119 Nov 30, 2023
@codebytere codebytere merged commit a0c85cf into 28-x-y Nov 30, 2023
19 checks passed
@codebytere codebytere deleted the cherry-pick/security/28-x-y/release-3-m119 branch November 30, 2023 11:40
@release-clerk Release Clerk
Copy link

release-clerk bot commented Nov 30, 2023

Release Notes Persisted

  • Security: backported fix for 1491210.
  • Security: backported fix for CVE-2023-6345

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codebytere codebytere codebytere approved these changes

Assignees
No one assigned
Labels
backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@VerteDinde @codebytere