oss-sec mailing list archives

Re: CVE-Request -- Google Email App 4.2.2 remote denial of service

From: Hector Marco <hecmargi () upv es>
Date: Wed, 11 Feb 2015 20:20:37 +0100



On 11/02/15 18:35, cve-assign () mitre org wrote:

It is a different source code and fix. The source code is
available in:

https://android.googlesource.com/platform/packages/apps/Email

... in the Email App this is done by the MimeUtility.java


Do you mean it's this fix:

https://android.googlesource.com/platform/packages/apps/Email/+/6fb157c90cc04a062eefa5ede850b6efd8d2fc80

 ?


I have tested this bug against the Email App in a Samsung Galaxy S4
(4.2.2.0200 vulnerable) and S5 mini (4.2.2.0400 not vulnerable) but I
didn't find these versions numbers in the Email git repository.

That patch fixes a problem with matches with the vulnerability that I
reported but only with that I can not say that that patch fixes what I
have reported.

Current thread:

CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 09)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Alexander Cherepanov (Feb 09)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 09)
  - Re: Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 10)
    - Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 11)
    - Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 11)
    - Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 12)
    - Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 15)
    - Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 16)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Mike O'Connor (Feb 09)