[Bug 26838] Normatively address vulnerabilities related to initData contained in media data from bugzilla@jessica.w3.org on 2014-10-17 (public-html-bugzilla@w3.org from October 2014)

From: <bugzilla@jessica.w3.org>
Date: Fri, 17 Oct 2014 18:17:59 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-26838-2486-0YyhfM1ebz@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26838

David Dorwin <ddorwin@google.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends on|                            |26332

--- Comment #5 from David Dorwin <ddorwin@google.com> ---
Of the concerns identified in comment #0:
* #1 depends on bug 26332.
* #2a is normatively addressed by the changes to the Initialization Data
Encountered in https://dvcs.w3.org/hg/html-media/rev/f18f378041a2.
* #2b is somewhat addressed by the new normative step in generateRequest(), but
the actual validation and sanitization are not normatively specified. Fixing
this depends on bug 27093.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Friday, 17 October 2014 18:18:01 UTC