Eudora 8 0 0b4 Download Youtube
Mar 26, 2017 Aileye Katıl Facebook.
SeaMonkey Meeting Details • Time: • Location: Agenda • Who’s taking minutes? ->Ratty Action Items (who needs to do what that hasn’t been recorded in a bug) We should assign people to the open items. NEW • Kairo to contact MoFo on doing a SeaMonkey 2.0 press release.
Current Status: talked with MoCo presscontact, said they can’t do anything that costs money, but fell good about forwarding a roughly two-paragraph note to their contacts. OPEN • Get permission from Google to use their geolocation JSON service [KaiRo]. Contact at Google says: “We don’t have a good estimate for when GLS will be opening up more broadly, but I will be sure to let you know when we take that step. Sorry that I can not be more specific at this time.” – We can only wait right now.
• KaiRo emailed Google again more than 2 weeks ago, no reply yet. CLOSED SeaMonkey 2.0 Final (7) (0) (28) (6) • We need to get blockers fixed, some are unowned as of now and need to either get assigned and fixed fast, or to consider to drop or push back release. • Besides, we have three other unassigned blockers:,,. • The first one is quite an issue for Mac users according to stefanh. We need to check with stefanh on options for working round this bug. • Mnyromyr will look into the Mac-sidebar-blocker tonight. • [KaiRo] I feel safe on generating RC1 without 483282 (venkman perf hit) fixed, btw – I’d like to get it fixed for final, but with Mnyromyr backing out the core patch for it from trunk, I doubt we can do much by 1.9.1.4 and SM2.0 final.
• [mcsmurf] will be checked in today won’t make 2.0, I’m quite sure of that 2.0.x maybe then. • [InvisibleSmiley] I think it would be nice to have some user feedback on the Master Password workaround so if it can be done I’d like to have it for RC1 (only depends on reviews). • After code freeze, KaiRo will probably go through the wanted+ bugs and cancel or minus things that look too risky to take after code freeze. • [KaiRo] Right now, my main concern is if/how we can ship RC1 and then RC2/final after that.
The only thing blocking RC1 right now is (directory-rel). • We don’t do release notes for RCs as due to their version settings, they point to the final relnotes. But we need to relnote any known crashes / performance issues.
We can possibly “misuse” the final relnote doc for noting issues in RC1. • Schedule: • String freeze passed on Oct 1, locales starting to opt in. • Code freeze TODAY midnight PDT!• Spin first RC tomorrow if possible, with locales that are ready. • Let locales continue to opt in, RC2 should be final if in any way possible though. • Help can have exceptions to the string freeze – we always have handled it that way.
And nothing breaks if localizers are not 100% in sync with help docs. • Branch planning is totally up in the air. Thunderbird drivers seem to think branching very closely to releasing their final is good. KaiRo thinks branching should happen before spinning our first RC.
No compromise reached as of now. Feature List, Planning for last two (full) weeks: 52 new, 39 fixed, 30 triaged. • The rate of fixed bugs still continues to be high in the run up to 2.0. Major wanted/needed features: 2.0 • Toolbar customization aftermath [Ratty] • Good to go for 2.0. What remains has to be pushed back to 2.1 (, Addressbook and HTML Composer toolbars). • Modern theme update [Ratty] • Good for 2.0 as is.
The remaining polish bugs won’t block 2.0. • New icon set for “SeaMonkey Default Theme” • status/progress? Good for 2.0 as is? • A is up in the bug • KaiRo landed task icons • “Know Your Rights” [mcsmurf] • Has r+ conditional on fix a few nits.
• “New add-on installed” notification. Patch landed [sgautherie] • Help updates (more in ) • status/progress? We also should take a careful look at the other items on 2.1 • kill-rdf port [sgautherie] • Further work postponed to SM 2.1.
• Enable Mac OS X system address book per default and add UI. • SM UI needed, unowned, helpwanted. • OpenSearch. • We need to check if OpenSearch can support all our existing functionality, for example the INTEPRETS section in Sherlock search plugins. Mnyromyr will check on that, and on how extensible the Firefox code is. • drag tabs between windows • unowned so far.
• places bookmarks • unowned so far. • Build a standalone (Gecko 1.9.1) Composer • discussion needed. • Backport KompoZer to Composer • discussion needed. Roundtable Status Updates from developers – what are you working on, what’s the progress, any other comments? (feel free to add yourself to the list if your name is missing and you have interesting status). Ajschult Aqualon asrail biesi Callek IanN • Attended this year’s EU MozCamp in Prague.
• Usual testing, reviewing and commenting. • Bugs fixed: • Add help for the anti virus and scam preferences in the MailNews Preferences UI. • [SeaMonkey] xpcshell-tests: test_expire.js fails since landing. • Help button in Message Filter dialog lacks Help icon. • Working on: • Help button in Search Addresses dialog lacks Help icon. • Message Filter Dialog menulist missing some icons.
• Add icons to addressbook menulist in Search Addresses. • Newsgroup list in Message Filters Dialog has blank entry and extra separator. • Testing and reporting issues on lightning integration with SM.
• Working through approval/wanted requests for SM2. Download Video Mp4 Ayo Goyang Dumang. 0. InvisibleSmiley Bugs Fixed: • “Get all new messages” in news server context menu. • Update Help for Find in this page. • replace custom stringTrim() by native.trim() in Venkman. • outdated UI described in section Website Certified by an Unknown Authority. • Restore Previous Session missing. • Double click and Del do not trigger Edit/Delete in Customize Message Views window.
• Remove Roaming Profiles from Help. • Add shortcut for Find Again (Ctrl+G)[venkman] • Initialize Add Watch Expression dialog with current source selection. Working On: • Multiple simultaneous master password prompts when checking multiple imap accounts on startup. • Port Upgrading to 3.0 causes “archives” folder disappears.
• Port Archiving does not always place the messages in the correct account’s Archive folder (Archive shouldn’t use X-Account-Key: header, at least when account is not Global Inbox owner). KaiRo • Release driving for 2.0 • Got in the refreshed task icons for the default theme • Worked the backlog of support mails sent to council and himself • Tried and filed bugs on ISPDB, the database behind the new mail account “autoconfig” feature being already used in TB3 and planned for future SeaMonkey • Retrieved and worked on • Fixed a typo in en-US news.properties • Cared to have tinderbox breakage fixed after a mail server change at Mozilla • Attended EU MozCamp 2009 in Prague • As always, has more detailed status about my work.
Mcsmurf • Working on Migration wizard gets confused with non-matching directory-rel and directory prefs for SeaMonkey 2.0. • Working on Port Bug 456439 – add about:rights and a “Know Your Rights” infobar to Firefox to SeaMonkey for SeaMonkey 2.0. • Working on Port GetDefaultFeedReader to SeaMonkey shell service (probably won’t make SeaMonkey 2.0).
Misak Bugs Fixed: • Save tabs on quit dialog doesn’t save preferences. Working On: • Port Bug 354894 [Session restore doesn’t work if process hasn’t exited (Downloads window open)] to SeaMonkey. • There should be way to tell navigator.js that sessionstore is restoring window to avoid triggering “browser.windows.loadOnNewWindow” or “browser.startup.page”. Mnyromyr Bugs fixed: • [smtabmail] Messages opened from Non-All view in tab not shown. Working on: • nsICategoryManager::deleteCategoryEntry does not persist outside of component registration.
REOPENED• Make SetInitAtStartup actually work. [venkman] MReimer Neil Bugs fixed: • “Age in days” search should default to “is less than”. • Composer badly handles XHTML documents. • Implement new keyboard shortcut for Paste as Quotation (Now that CTRL+SHIFT+V is for Paste Without Formatting).
• Port bug 391728 (disabled plugin placeholder) UI to SeaMonkey. • proxy configuration dialog has unreadable text box, vertical size is 0 pixels. • Play a sound when Download Completes (again). •.message-icon rule in toolkit/themes/winstripe/global/global.css points to non-existent icon. • Lightning disables SeaMonkey’s throbber. • [SeaMonkey] reftest: 2 input-text-* fail since landing. • “Exception / NS_ERROR_ILLEGAL_VALUE / nsIRDFService.GetResource / bookmarksMenu.js:: anonymous:: line 129”, dropping on ‘(Empty)’.
• Bug 459457 moved dlgtype=”help” rules in to the wrong stylesheet. Working on: • Optimize sorting on entry updates in new download manager. • JavaScript exception when clicking “File” menu of “Write:” window while composing message.
• SeaMonkey can’t handle spaces in OpenURL, Firefox can. Ratty Bugs Fixed: • Expose anti virus and scam preferences in the MailNews Preferences UI. • Modern Update: changes in global/. • Change “Restart to apply theme” dialog from OK to Restart Now/Later. • Missing css/icons for Tasks and/or Events sidebar in SeaMonkey with Lightning. • Reclaim vertical space in the bookmarks toolbar menu (modern).
• Port: need a scrollbar on the envelope panel (view all headers / long address lists). • Lightning Categories Pref pane not showing any categories. Working on: • Need a chrome://branding/content/icon48.png since mozapps css refers to this. • about:certerror should use Larry now that the PageInfo Security tab is (still waiting for reviews). • [lightning] Lightning needs UI/CSS tweaks for SeaMonkey. • Port: make menuitem icons 16x16px consistently on Windows/Linux (modern).
• Need modern theme for Lightning. • Preferences button in Add-on window error – looking for preferences.xul. • Bug triage and bug discussions.
• AgitProp and PR in sgautherie • Attended in Prague. Talk to davida for schedule changes/additions. Action Items New Open • Planning for a dry-run security firedrill build Closed • Thunderbird security review completed last week. • Now in String freeze • Schedule ( proposed, may change): • Code Freeze for RC1: 2009-10-30 23:59 PST • L10n deadline: 2009-11-02 23:59 PST • RC1 builds start on: 2009-11-03 • Subsequent RCs as necessary. • Blockers •: 60 (-6) •: 1 (-1) • Proposed Blocking •: 17 (+11) • Wanted •: 272 • Fixed RC1 •: 63 (+24) • Please set bugs to assigned status (as well as owner to you) if you want to do them. • If you have other bugs assigned to you that you don’t want to do, please reassign or discuss with drivers. • If you see what look like theme/css issues, especially on Windows, please file a bug, with a screenshot, and the version of Windows you’re running.
Tag it with a “polish” keyword, and nominate it for blocking-tb3? QA Updates • topcrashes • needs help – if you crash with b4 take the time to read, and see if those bugs are involved: • Crash [@MimeInlineTextHTML_parse_eof ] • startup crash [@ nsRefPtr::StartAssignment()] Last week: • regular bugday not much to say • volume of bugmail is getting up – if you want to help with bugs get in touch with ludovic@mozillamessaging.com. This week: • regular – join you are more then welcome 🙂 • Initial 2. To 3.0 migration pushed up a week to be able to get more traction. Marketing Updates • Press tour is scheduled for France/Germany and Japan October 23 – 30. • Web site l10n hand-off this week.
IT update • Windows 7 SDK • Mac Minis green in staging Documentation (Sorry for the lack of links – MDC is broken at the moment) TODO: • Tutorial updates (new tools on AMO) • update MDC with status of Account Wizard In progress: • hooks for message header view () / more msg header stuff (, ) • new bug for debugging issues? Talk to davida for schedule changes/additions. Action Items New Open • We should engage the beta testing community in helping with the what’s new and release notes pages, especially explaining why we’ve changed things, and how to get back to the old behavior. Jenzed suggested an MDC page. (jz: see ) • Planning for a dry-run security firedrill build • At 2:30 PDT tomorrow, there will be a Thunderbird security review, dmose will send out the details today Closed • Schedule (proposed, may change): • Final l10n String Freeze: Tuesday 29th Sept 23:59 PST • Aiming to start RC1 builds on: 3rd Nov. • Subsequent RCs as necessary. • Blockers •: 66 (-1) •: 2 (0) • Proposed Blocking •: 6 (-14) • Wanted •: 275 • Fixed RC1 •: 39 • Please set bugs to assigned status (as well as owner to you) if you want to do them.
• If you have other bugs assigned to you that you don’t want to do, please reassign or discuss with drivers. • If you see what look like theme/css issues, especially on Windows, please file a bug, with a screenshot, and the version of Windows you’re running. Tag it with a “polish” keyword, and nominate it for blocking-tb3? QA Updates 3.0b4 topcrashers top 6.
Note, all are *new* but 1. 3.5.3 Major Update offer going out this week, we’re going to run the same survey. Evangelism • Mozilla Developer Center • Lots of progress on Firefox 3.6 documentation last week, lots more to come this week.
• As always, don’t forget to add the dev-doc-needed keyword to bugs that may impact developer documentation. You don’t even have to wait until there’s a patch.
• IT updated MDC to MindTouch 9.08. • See for more information.
• A bug in 9.08 has broken the language selector pop-up menu; we’re pressing MindTouch for a fix. • A massive, seemingly botted, spam attack led us to disable new user account registration last week until we figure out how they’re bypassing the captcha. We’re working on this. See for details.
• MozCampEU – Evangelism Europe will be there in spades. Looking for cool demos and WebGL stuff. Labs • from the Tabs open/close experiment has been posted, for the use of anyone in the researcher or UI designer community who wants to use it; we’ll start publicizing it this week.
• Graphs of results from the Tabs open/close experiment are going up today and tomorrow. Here are a couple of sneak previews:,. • is coming out this week; it has greatly improved syncing algorithms designed to take a lot of the load off of our servers in order to increase scalability. • Next will be October 8. • There will be a hack-a-thon at the next week.
Developer Tools Add-ons • AMO 5.1 launches this week • • on Sept 29 at Threadless HQ! • Get ready for Firefox 3.6! Webdev • – 49 fixed bugs – Launched last Thursday • Firefox for Mobile support site going into prod tomorrow • – 97 fixed bugs – Launches Tuesday (9/29) L10n • Finalized our Q4 goals • L10n team will travel to MozEU in Prague, can be found here. • Firefox 3.6 beta 1 is still in string freeze, so please check in changes • Philippines brownbag this afternoon at 4 PM MV time Foundation Updates • deploying this week.
Send any comments (and offers of testing) to Gerv. • Thanks to everyone who helped with the I Love the Web wave on OneWebDay. Great community participation and creativity. • Latest mockup for redesigned has been posted.
Comment on the blog post and let us know what you think. Roundtable Other Business. SeaMonkey Meeting Details • Time: • Location: Agenda • Who’s taking minutes? ->Ratty Action Items (who needs to do what that hasn’t been recorded in a bug) We should assign people to the open items. NEW • Kairo to contact MoFo on doing a SeaMonkey 2.0 press release. OPEN • Get permission from Google to use their geolocation JSON service [KaiRo].
Contact at Google says: “We don’t have a good estimate for when GLS will be opening up more broadly, but I will be sure to let you know when we take that step. Sorry that I can not be more specific at this time.” – We can only wait right now. • KaiRo emailed Google again this weekend, no reply yet. CLOSED • SHIPPED on Sep 12! • 16 locales made it, including en-US we have 17 languages.
• Compared to 2.0b1, nl is new, but cs didn’t make it. • has Fedora RPMs from ajschult and OS/2 builds. No other contributed builds including 64bit builds have come up so far. • Hendikins has just put up the x86_64 builds for linux on his site. • Feedback: • de had a broken string that breaks SMTP auth, fixed for nightlies.
• Feedback is good, including the possibility of testing Lightning with it. • One or two users are having download problems. The issue seems to disappear if logged in as admin. • The usual web browser discrimination. FaceBook, Yahoo! Mail, Hotmail Live, ComCast, etc.
• Feedback has been generally positive otherwise. SeaMonkey 2.0 Final (7) (2) (30) (1) • Need to get blockers fixed, some are unowned as of now, need to get assigned. • Schedule: • Proposal: String freeze Oct 1, Code freeze Oct 6. • Spin first RC right after code freeze with locales that are ready.
• Let locales continue to opt in until we feel OK with shipping a later RC as the actual final. • Thunderbird might be string freezing shortly earlier, code freezing possibly later, but going with a longer period to actual final. • Freeze on October 6th should allow at least a week of string freeze for final and allow us for some time of candidate testing, whether we push them as public RC releases or not. • The final string freeze for Thunderbird 3.0 is September 29 []. Thus, if Thunderbird checks in mailnews patches with string changes, that leaves people working on SM Help some 48 hours to get respective patches done, reviewed, and checked in to reflect such changes in the documentation. Sounds rather tight [rsx11m via Mozillazine].
• Help can have exceptions to the string freeze – we always have handled it that way. And nothing breaks if localizers are not 100% in sync with help docs. • Branch planning is up in the air, Thunderbird drivers seem to think branching very closely to releasing their final is good, KaiRo thinks branching should happen before spinning our first RC. No compromise reached as of now.
Feature List, Planning for last two (full) weeks: 80 new, 47 fixed, 25 triaged. • Open bugs continue to slightly increase, triaging is down in favor of more bugfixes, many of the new bugs are filed by the team as followups to work being done. • The rate of fixed bugs continues to be high in the run up to 2.0. Major wanted/needed features: 2.0 • Toolbar customization aftermath [Ratty] • Still something to be done for 2.0? • Implement Customizable Toolbars in SeaMonkey Message Compose. Patch waiting for checkin. • We still need small button icons for modern in MailNews.
Needs someone who understands both css and svg/graphics. Misak plans to do the small buttons minor placement fixes on svg, Ratty – css.
• Addressbook and HTML Composer toolbars. • Modern theme update [Ratty] • Modern Update: changes in global/. All necessary patches have landed.
Except possibly for (Update video controls), the remaining dependent bugs are nice to have polish but not blocking anything (imho). • New icon set for “SeaMonkey Default Theme” • status/progress? • Really need something moving for 2.0 final! • A is up in the bug • KaiRo has a patch up for task icons, help wanted for other icons!
• kill-rdf port [sgautherie] • The kill-rdf work is basically at the state we’ll ship in 2.0; the rest will have to move to 2.1. • “Know Your Rights” [mcsmurf] • On track to make the string freeze.
• “New add-on installed” notification [sgautherie] • Review issues need to be addressed. Should make 2.0. • Enable Mac OS X system address book per default and add UI. • SM UI needed, unowned, helpwanted. • Help updates (more in ) • helpwanted, anyone can help here! We also should take a careful look at the other items on If there’s anything on that list you think we shouldn’t take for 2.0 any more, please notify KaiRo, so we can push them to 2.1.
2.1 • OpenSearch. • We need to check if OpenSearch can support all our existing functionality, for example the INTEPRETS section in Sherlock search plugins. Mnyromyr will check on that, and on how extensible the Firefox code is. • drag tabs between windows • unowned so far.
• places bookmarks • unowned so far. Roundtable Status Updates from developers – what are you working on, what’s the progress, any other comments? (feel free to add yourself to the list if your name is missing and you have interesting status). Ajschult Aqualon asrail biesi Callek IanN • Usual testing, reviewing and commenting. • Bugs fixed: • Add TCP timeout pref. • Update SM Prefs Overlay with new IDs (Chatzilla). • mochitest-browser-chrome: “browser_bug471962.js Timed out” (and leaks) since bug 188253 landing.
• SeaMonkey lacks UI for browser.tabs.warnOnClose. • “Clear Location Bar” section in History pane should be removed. • Hook up new satchel pref(s) to the preferences window. • Save Page should supply web page descriptor / cache key when calling saveURI. • Message Filter Dialog menulist missing some icons. • Default theme issues with some menulists. • Working on: • Help button in Message Filter dialog lacks Help icon.
• Help button in Search Addresses dialog lacks Help icon. • Message Filter Dialog menulist missing some icons. • Add icons to addressbook menulist in Search Addresses. • Testing and reporting issues on lightning integration with SM. • Working through approval/wanted requests for SM2.0. InvisibleSmiley Bugs Fixed: • Copy image doesn’t copy image (nor its location).
• Hook up delete key to deleting entries in new download manager. • Shortcut Ctrl+K missing. Working On: • Restore Previous Session missing • Port Bug 88541 – Show URI in status bar onmouseover of Back/Forward menu items. • Port Bug 484329 – Upgrading to 3.0 causes “archives” folder disappears. • Double click and Del do not trigger Edit/Delete in Customize Message Views window. • Make Ctrl+F shortcut focus search field and Ctrl+Shift+F invoke Search Addresses. KaiRo • Released 2.0b2 on Sep 12.
• Discussed future of SeaMonkey build machines after Parallels experiment failed. • Turned off Mac OS X 10.4 test machines due to ongoing problems. • Fixed nasty typo in de L10n that broke SMTP auth in 2.0b2. • 2.0 release driving.
• Some investigation and discussion on getting Lighting to integrate better. • New task icons for default theme icon set. • Website updates for geolocation and privacy policy. • Reported SeaMonkey status in Mozilla’s project-wide weekly meeting on Monday. • As always, has more detailed status about my work.
Mcsmurf Working on: • Port – add about:rights and a “Know Your Rights” infobar to Firefox to SeaMonkey. Stalled?: • Port GetDefaultFeedReader to SeaMonkey shell service. • Port Bug 413781 – XBLify folder-selection menus to SeaMonkey. • tabbedbrowser progresslistener list grows forever instead of resizing when removeProgressListener is called. Misak Bugs Fixed: • NS_ERROR_MALFORMED_URI on session restore (in nsSessionStore.js).
• Port Bug 455070 [Make sessionStorage object conform the WHATWG spec] to SeaMonkey. • Port Bug 494543 [Can’t add items to Dell.com shopping cart] to SeaMonkey. • No quit dialog when multiple windows are open. • Port Bug 497730 [Restore session from crash while loading multiple tabs opens multiple about:blanks] to SeaMonkey. Working on: • Port Bug 354894 [Session restore doesn’t work if process hasn’t exited (Downloads window open)] to SeaMonkey.
• Save tabs on quit dialog doesn’t save preferences. • some other bugs in progress Morac • Closed tabs need to be deleted when browser history is cleared. Mnyromyr Bugs fixed: • Navigating from standalone message window fails to mark messages as read. • [lightning] Cannot add attendees to event invitation [Error “input is null” in calendar-event-dialog-attendees.xml]. Working on: • [smtabmail] Messages opened from Non-All view in tab not shown.
To Do: • Venkman startup perf stuff is on top of my agenda (given no (tab)mailnews top blockers appear). MReimer Neil Bugs fixed: • Email Compose window does not close itself after Account Wizard Cancel/Exit. • browser hangs up forever on restart if seperator in bookmak manager contains double quote characters. • Include an identity indicator in primary chrome (EV certificate UI). URL bar, Modern theming.
• Link selected by typeahead is not the link that is followed. • nsSeamonkeyProfileMigrator.cpp: re-enable/fix ‘wallet.captureForms’ handling. • SM 2 trunk has quit honoring startup “mail and news” pref. • [toolkit] Either document and enforce a maximum width for theme preview images, or don’t horizontally compress them. • New bookmark folders show “(Empty)” item until SeaMonkey restarted, take 2. • Context menu displays incorrectly after resizing address toolbar. • Groupbox custom caption content has bold font.
• No Lightning pref UI in SeaMonkey. • The meaning of font-size: smaller; has changed. • Some tabs opened in background from middle clicks still focus the browser. Working on: • Composer badly handles XHTML documents. • Implement new keyboard shortcut for Paste as Quotation (Now that CTRL+SHIFT+V is for Paste Without Formatting).
• SeaMonkey can’t handle spaces in OpenURL, Firefox can. • [toolkit].message-icon rule in toolkit/themes/winstripe/global/global.css points to non-existent icon. • [lightning] Lightning disables SeaMonkey’s throbber. Ratty Bugs Fixed: • Modern Update: changes in global/ (essentially finished).
• Modern Update: global/notification.css. • Implement Customizable Toolbars in SeaMonkey Message Compose.
• Small icons in MailNews toolbar becomes large when customizing. • Implement Minimal APIs needed for Lightning. • Implement Minimal APIs needed for Enigmail.
Working on: • Need a chrome://branding/content/icon48.png since mozapps css refers to this. • about:certerror should use Larry now that the PageInfo Security tab is (still waiting for reviews). • Bookmarks Menu: dropmarker missing” (classic). • Port: make menuitem icons 16x16px consistently on Windows/Linux (modern).
• Reclaim vertical space in the bookmarks toolbar menu (modern). • Port: need a scrollbar on the envelope panel (view all headers / long address lists). • [lightning] Lightning needs UI/CSS tweaks for SeaMonkey.
• Bug triage and bug discussions. Talk to davida for schedule changes/additions. Action Items New • We should engage the beta testing community in helping with the what’s new and release notes pages, especially explaining why we’ve changed things, and how to get back to the old behavior. Jenzed suggested an MDC page. (jz: see ) • Planning for a dry-run security firedrill build Open Closed • Release Driver: Standard8 • Build Engineer: gozer • Schedule (proposed, may change): • Final l10n String Freeze: Tuesday 29th Sept 23:59 PST • Approvals/Blockers only: from Tuesday 6th October 23:59 PST • Aiming to start RC1 builds on: 3rd Nov. • Subsequent RCs as necessary. • Blockers • 67 (+4) •: 2 (-1) • Proposed Blocking •: 20 (+14) • Wanted • 265 • Please set bugs to assigned status (as well as owner to you) if you want to do them.
• If you have other bugs assigned to you that you don’t want to do, please reassign or discuss with drivers. • If you see what look like theme/css issues, especially on Windows, please file a bug, with a screenshot, and the version of Windows you’re running. Tag it with a “polish” keyword, and nominate it for blocking-tb3? QA Updates Last week: • b4 tests builds were on time. • Community joined the effort (with around 10/12 people testing.) • Test coverage is 95%.
Mostly green • We’ll need to update some test – work is already in progress on that. • 29 Bugs were found during testing (some are duplicates), complete list of bug is visible • Detailed results are visible on • Thanks to everybody who gave time to test This week: • day. A special day with easy tasks to do to get immediate reward on your work. To do so: • bug day will be focused on regression-window wanted • and qawanted bugs • Longer explanation are available at Marketing Updates •: • Thunderbird 3 Beta 4 – will be tracking press as it rolls in. • Launch prep.
Press tour scheduling, and asset work. • Meeting w/ board this week to discuss marketing messages. IT update • Thunderbird 3.0 Beta 4 • is open for public consumption • More tweaks pending • Automation a few bugs so should be better next time.
Name Description plugins audio_filter libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file. Plugins codec libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability. Drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system.
The vulnerability exists because the affected application does not properly validate Fragmentation Unit (FU-A) protocol packets. An attacker could exploit this vulnerability by sending a crafted H.264 FU-A packet through the affected application. A successful exploit could allow the attacker to cause a DoS condition on the affected system due to an unexpected restart of the CMS media process on the system. Although the CMS platform continues to operate and only the single, affected CMS media process is restarted, a brief interruption of media traffic for certain users could occur.
Cisco Bug IDs: CSCve10131. A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a GET request. The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data. The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream.
Successful exploitation could lead to arbitrary code execution. Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message. An issue was discovered in certain Apple products.
MacOS before 10.12.4 is affected. The issue involves the 'QuickTime' component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted media file. The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation. The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.
Drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL. Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a 'favorite.'
Drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file. DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php. Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904. SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker.
The 'strictrtp' option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above.
The 'nat' and 'rtp_symmetric' options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked.
Provided the attacker continued to send traffic, they would continue to receive traffic as well. In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a.php file. An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.
Android ID A-63666573. An elevation of privilege vulnerability in the Android media framework (libaudioservice).
Product: Android. Versions: 8.0. Android ID A-65280854. An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android.
Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384. A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456. An information disclosure vulnerability in the Android media framework (n/a).
Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132. An information disclosure vulnerability in the Android media framework (n/a). Product: Android.
Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872.
A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65717533. QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251.
A remote user does not require any privileges to successfully execute an attack. A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid picture parameter set (PPS) value. An attacker could exploit this vulnerability by sending a malformed H.264 frame to the targeted device.
An exploit could allow the attacker to cause a denial of service (DoS) condition because the media process could restart. The media session should be re-established within a few seconds, during which there could be a brief interruption in service. Cisco Bug IDs: CSCvg12559. Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. Due to the way Windows Media Player discloses file information, aka 'Windows Media Player Information Disclosure Vulnerability.' The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.
Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution. In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0. Akka HTTP versions unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by.php.txt or.php%20. An issue was discovered in certain Apple products. IOS before 10.2 is affected.
The issue involves the 'Media Player' component, which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging lockscreen access. Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka 'Media Foundation Memory Corruption Vulnerability.' An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18.
Android ID: A-29421682. References: QC-CR#1055792. An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android.
Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783. An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android.
Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29982686. References: QC-CR#1055766.
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application.
Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731. A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process.
Android ID: A-30190637. A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Android ID: A-31373622.
Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php. A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb81344. Motherboard Manual Pdf. Known Affected Releases: 1.0. A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable.
Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2). Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110. Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a. (dot dot) in the ATE_COMMAND parameter. Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a.
(dot dot) in the src parameter. Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations. Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL. Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.
Drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call. Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value. Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to 'seek across EOF.' Drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka Android internal bug 30102557 and Qualcomm internal bug CR 789704. Media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows attackers to gain privileges via a crafted application, aka internal bug 30204103. Drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29513227 and Qualcomm internal bug CR 1040857. OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29421811.
The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and device hang or reboot) via a crafted media file, aka internal bug 30013856. Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 25747670. Arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka internal bug 29770686. Decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002.
Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a crafted media file, aka internal bug 29161888. Media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 29270469. Drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR897326. The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28919417.
The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433. The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649. Decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995. Codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956. Libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152.
The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410. Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28533562. Media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive pointer information via a crafted application, aka internal bug 28377502. Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28556125. Decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28470138. Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448. Decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656.
Decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659. The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661. IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899.
IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898. Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass. Media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28799341. Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28532266.
DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045. Mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006. Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation, aka internal bug 27855419.
Media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27533704. The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354. The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079. The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332. LibFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted media file, aka internal bug 27211885. LibAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339. Media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.
Media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358. Media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474. Media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627. The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. Libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.
The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142. Media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840. Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350. Post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245. Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256. MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621.
Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590. Decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014. An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548. Mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803.
The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375. Media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25781119.
The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434. Libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.
Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka.mcl) file, aka 'Windows Media Center Remote Code Execution Vulnerability.' Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka 'Windows Media Parsing Remote Code Execution Vulnerability.' Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka 'Windows Media Parsing Remote Code Execution Vulnerability.'
Drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246. Drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473. Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with 'manage their own media items' and 'manage their own entries and comments' permissions to execute arbitrary PHP code by uploading a file with a (1).pht, (2).phps, or (3).phtml extension. Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page. The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8506. Mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8507. Mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than CVE-2015-6616, CVE-2015-8506, and CVE-2015-8507. The VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does not initialize memory for a video-frame data structure, which might allow remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact by leveraging improper interaction with the vp3_h_loop_filter_c function in libavcodec/vp3dsp.c in FFmpeg. Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering access to an unauthorized audio output device.
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. The AMF3CD_AddProp functi.