Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 11 Feb 2015 20:20:37 +0100
From: Hector Marco <hecmargi@....es>
To: cve-assign@...re.org
CC: oss-security@...ts.openwall.com
Subject: Re: CVE-Request -- Google Email App 4.2.2 remote denial of service



On 11/02/15 18:35, cve-assign@...re.org wrote:
>> It is a different source code and fix. The source code is
>> available in:
> 
>> https://android.googlesource.com/platform/packages/apps/Email
> 
>> ... in the Email App this is done by the MimeUtility.java
> 
> Do you mean it's this fix:
> 
> https://android.googlesource.com/platform/packages/apps/Email/+/6fb157c90cc04a062eefa5ede850b6efd8d2fc80
>
>  ?
> 
> 

I have tested this bug against the Email App in a Samsung Galaxy S4
(4.2.2.0200 vulnerable) and S5 mini (4.2.2.0400 not vulnerable) but I
didn't find these versions numbers in the Email git repository.

That patch fixes a problem with matches with the vulnerability that I
reported but only with that I can not say that that patch fixes what I
have reported.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.