Full Disclosure mailing list archives
Re: [oss-security] CVE request: remote code execution in Android CTS
From: David Daynard <nardholio () gmail com>
Date: Mon, 20 Oct 2014 01:26:29 -0400
Compliance Test Suite is one portion of the process OEMs use to certify Android builds on shipping devices. I cannot think of any instance where the average user would run the suite (which takes several hours to do and is a fairly complicated process https://source.android.com/compatibility/cts-intro.html ) Even if someone is building Android at home, there is no reason to run CTS on home builds. I'm not saying this file shouldn't be patched, I'm saying the risk is extremely low and is limited to engineers in the lab environment. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: [oss-security] CVE request: remote code execution in Android CTS David Daynard (Oct 19)