Date: Thu, 12 Feb 2015 13:05:11 -0500 (EST)
From: cve-assign@...re.org
To: hecmargi@....es
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE-Request -- Google Email App 4.2.2 remote denial of service


> http://hmarco.org/bugs/google_email_app_4.2.2_denial_of_service.html

At this point, the best available information is that this is a
vulnerability in some part of open-source software under
https://android.googlesource.com/platform/packages/apps/Email/
(although we don't know the specific lines of code at fault), that
there is a security impact for a fully specified attack methodology,
and that there isn't any clear evidence that this is a duplicate of a
finding from a previous year. Use CVE-2015-1574.

> https://android.googlesource.com/platform/packages/apps/Email/+/6fb157c90cc04a062eefa5ede850b6efd8d2fc80

This might not be a security fix. The goal of this fix might be to
ensure that other types of blank Content-Disposition headers are
considered equivalent to "Content-Disposition: inline" so that the
"treat text and images as viewables" code path is used.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
