Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails

Nachricht löschen

Nachricht beantworten
Autor: Romeo Papa
Datum:  
To: tails-dev
Betreff: Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails
PS: Sorry about all the messages I'm apparently sending while writing up
the message I need to see what's happening...

After reading further, I've found the debian page saying only
38.1.0esr-3 is vulnerable
(https://security-tracker.debian.org/tracker/CVE-2015-4495).

But I've also found the origins of the vulnerability from the commits
for Firefox 39.0.3, it is from the pdf.js and after tracking the history
I believe the bug might have been present since possibly 2 years if not
more.

https://github.com/mozilla/pdf.js/commit/4f3f983a214867011dda8c5597a4d3523c5f1423

PS: Sorry about all the messages I'm apparently sending while writing up
the message I need to see what's happening...