Partial fix for CVE-2015-4495/pdf.js in Jessie?

David Prévot david at tilapin.org
Wed Aug 12 08:43:17 UTC 2015


Hi,

According to MFSA 2015-78 [1], the fix for CVE-2015-4495 is in two
parts. Would it make sense to backport the “Remove PlayPreview
registration from PDF Viewer” fix in pdf.js for Jessie (providing the
xul-ext-pdf.js standalone package, allowing one to override the shipped
version of pdf.js by this one)?

    1: https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/

Please find attached a proposed debdiff, quickly tested in Jessie. Any
inside information (thus CCing iceweasel at p.d.o) on the relevance of this
fix would be welcome.

Regards

David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdf.js.diff
Type: text/x-diff
Size: 7079 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20150812/a1bfbce3/attachment.diff>