oss-sec mailing list archives
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service
From: cve-assign () mitre org
Date: Thu, 12 Feb 2015 13:05:11 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
http://hmarco.org/bugs/google_email_app_4.2.2_denial_of_service.html
At this point, the best available information is that this is a vulnerability in some part of open-source software under https://android.googlesource.com/platform/packages/apps/Email/ (although we don't know the specific lines of code at fault), that there is a security impact for a fully specified attack methodology, and that there isn't any clear evidence that this is a duplicate of a finding from a previous year. Use CVE-2015-1574.
https://android.googlesource.com/platform/packages/apps/Email/+/6fb157c90cc04a062eefa5ede850b6efd8d2fc80
This might not be a security fix. The goal of this fix might be to ensure that other types of blank Content-Disposition headers are considered equivalent to "Content-Disposition: inline" so that the "treat text and images as viewables" code path is used. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJU3OrJAAoJEKllVAevmvmssb4H/RcixNJl7ZSn5POK4z+oqAN0 26L1q9sFlLWVLjv7oXj/YisKGOKTR0QyCTn1mW8UzHC5eDlTuWb1kuY0FCuiNeka z9RYhWgoXqKCv2zuPW5LoeQW5uk4wWfwByv85olDPDm5xjvWdhWndxSXueS5VcCj Fe3x9XIM5i7rX2UOEivdZM1aibdrhzj9CHRwdbi0yIDdNBWzfePqm26g060gD6EG daCh7vC2Rs47h4ugcbuiayN2UGYE6iG6LVtmuM0C+v6OKYda1F9OMP8NUKSebCxi x7gdeluVzKUpiYz0eRHsz5QJ4nDH9CWo8D/CXmfBt3IBE5L2e/MLy/UCkqtXOiM= =kugD -----END PGP SIGNATURE-----
Current thread:
- CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 09)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Alexander Cherepanov (Feb 09)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 09)
- Re: Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 10)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 11)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 11)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 12)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 15)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 16)
- Re: Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 10)