Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails

This message is part of the following thread:
M\the complete thread tree sorted by date
MMintrigeri at <-
MMRomeo Papa at ->
Delete this message

Reply to this message
Author: intrigeri
Date:  
To: sajolida
CC: The Tails public development discussion list
Subject: Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails
Hi again,

intrigeri wrote (08 Aug 2015 09:24:48 GMT) :
> ... on the other hand, https://access.redhat.com/articles/1563163
> documents pdfjs.disabled=True as a mitigation. I trust RedHat security
> team to have verified that it indeed blocks exploitation.

I've documented the security hole + mitigation on
https://tails.boum.org/news/test_1.5-rc1/

Commit:
https://git-tails.immerda.ch/tails/commit/wiki/src/news/test_1.5-rc1.mdwn?id=af0bcb7138847e1ad8ba6d596309d391b92a7216

sajolida, please have a *quick* look (keep in mind that this will only
live 3 days, so there's probably no need to spend 25 minutes making
this as perfect as you would like ;)

Cheers,
--
intrigeri

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails[Tails-dev] AppArmor policy vs. hard links [Was: MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails]->
lists.autistici.org administrated by postmasterLurker (version 2.3)