Date: Thu, 12 Feb 2015 13:05:11 -0500 (EST)
From: cve-assign@...re.org
To: hecmargi@....es
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE-Request -- Google Email App 4.2.2 remote denial of service

> http://hmarco.org/bugs/google_email_app_4.2.2_denial_of_service.html

At this point, the best available information is that this is a
vulnerability in some part of open-source software under
https://android.googlesource.com/platform/packages/apps/Email/
(although we don't know the specific lines of code at fault), that
there is a security impact for a fully specified attack methodology,
and that there isn't any clear evidence that this is a duplicate of a
finding from a previous year. Use CVE-2015-1574.

> https://android.googlesource.com/platform/packages/apps/Email/+/6fb157c90cc04a062eefa5ede850b6efd8d2fc80

This might not be a security fix. The goal of this fix might be to
ensure that other types of blank Content-Disposition headers are
considered equivalent to "Content-Disposition: inline" so that the
"treat text and images as viewables" code path is used.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]