Message-Id: <20150212180511.B01096C00AB@smtpvmsrv1.mitre.org>
Date: Thu, 12 Feb 2015 13:05:11 -0500 (EST)
From: cve-assign@...re.org
To: hecmargi@....es
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE-Request -- Google Email App 4.2.2 remote denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> http://hmarco.org/bugs/google_email_app_4.2.2_denial_of_service.html

At this point, the best available information is that this is a
vulnerability in some part of open-source software under
https://android.googlesource.com/platform/packages/apps/Email/
(although we don't know the specific lines of code at fault), that
there is a security impact for a fully specified attack methodology,
and that there isn't any clear evidence that this is a duplicate of a
finding from a previous year. Use CVE-2015-1574.

> https://android.googlesource.com/platform/packages/apps/Email/+/6fb157c90cc04a062eefa5ede850b6efd8d2fc80

This might not be a security fix. The goal of this fix might be to
ensure that other types of blank Content-Disposition headers are
considered equivalent to "Content-Disposition: inline" so that the
"treat text and images as viewables" code path is used.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
