Date: Thu, 12 Feb 2015 13:05:11 -0500 (EST)
From: cve-assign@...re.org
To: hecmargi@....es
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE-Request -- Google Email App 4.2.2 remote denial of service

> http://hmarco.org/bugs/google_email_app_4.2.2_denial_of_service.html

At this point, the best available information is that this is a vulnerability in some part of open-source software under https://android.googlesource.com/platform/packages/apps/Email/ (although we don't know the specific lines of code at fault), that there is a security impact for a fully specified attack methodology, and that there isn't any clear evidence that this is a duplicate of a finding from a previous year.

Use CVE-2015-1574.

> https://android.googlesource.com/platform/packages/apps/Email/+/6fb157c90cc04a062eefa5ede850b6efd8d2fc80

This might not be a security fix. The goal of this fix might be to ensure that other types of blank Content-Disposition headers are considered equivalent to "Content-Disposition: inline" so that the "treat text and images as viewables" code path is used.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]