oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-Request -- Google Email App 4.2.2 remote denial of service

From: cve-assign () mitre org
Date: Thu, 12 Feb 2015 13:05:11 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


http://hmarco.org/bugs/google_email_app_4.2.2_denial_of_service.html


At this point, the best available information is that this is a
vulnerability in some part of open-source software under
https://android.googlesource.com/platform/packages/apps/Email/
(although we don't know the specific lines of code at fault), that
there is a security impact for a fully specified attack methodology,
and that there isn't any clear evidence that this is a duplicate of a
finding from a previous year. Use CVE-2015-1574.


https://android.googlesource.com/platform/packages/apps/Email/+/6fb157c90cc04a062eefa5ede850b6efd8d2fc80


This might not be a security fix. The goal of this fix might be to
ensure that other types of blank Content-Disposition headers are
considered equivalent to "Content-Disposition: inline" so that the
"treat text and images as viewables" code path is used.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJU3OrJAAoJEKllVAevmvmssb4H/RcixNJl7ZSn5POK4z+oqAN0
26L1q9sFlLWVLjv7oXj/YisKGOKTR0QyCTn1mW8UzHC5eDlTuWb1kuY0FCuiNeka
z9RYhWgoXqKCv2zuPW5LoeQW5uk4wWfwByv85olDPDm5xjvWdhWndxSXueS5VcCj
Fe3x9XIM5i7rX2UOEivdZM1aibdrhzj9CHRwdbi0yIDdNBWzfePqm26g060gD6EG
daCh7vC2Rs47h4ugcbuiayN2UGYE6iG6LVtmuM0C+v6OKYda1F9OMP8NUKSebCxi
x7gdeluVzKUpiYz0eRHsz5QJ4nDH9CWo8D/CXmfBt3IBE5L2e/MLy/UCkqtXOiM=
=kugD
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: