oss-sec mailing list archives

Re: CVE-Request -- Google Email App 4.2.2 remote denial of service


From: cve-assign () mitre org
Date: Mon, 9 Feb 2015 16:40:33 -0500 (EST)

A bug in the stock Google email application

Is the source code and fix in 4.2.2.0400 the same as in:

  https://src.chromium.org/viewvc/blink?revision=152293&view=revision

? If so, then it is an open-source vulnerability, and can have one
CVE-2013-#### ID assigned here, even if the relevant HTTPParsers.cpp code
is also bundled in one or more closed-source products.

If it is independent source code that happens to have the same
attack vector (the attack vector in
http://hmarco.org/bugs/google_email_app_4.2.2_denial_of_service.html
appears to be identical to the attack vector in the
https://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/misc/resources/nearly-empty-content-disposition.php
test), then revision 152293 could probably have a separate new
CVE-2013-#### ID.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

