commit | 1c256fed7e64aeaba97f80c756d8078433f25087 | [log] [tgz] |
---|---|---|
author | Teow Wan Yee <wy.teow@hi-p.com> | Wed Aug 24 14:37:29 2016 +0800 |
committer | Jeron Susan <jeron.susan@hi-p.com> | Wed Aug 24 15:34:19 2016 +0800 |
tree | aa6ea70eaf2bfa1a6d7a40774960ecba1c8914f9 | |
parent | 651942f6f410cc9d2688a9342aefda7ec3fe0031 [diff] |
FPII-2314: Update- Information disclosure vulnerability in GCM Encryption CVE-2016-2427 A-26234568 The default tag length is 12 for GCM encoding. After auditing the Android code base, there is no code that uses the default and we are passing in 16. Given this vulnerability is not reachable in the Android code base unless a developer explicitly chooses a weaker setting, we are reverting the change and revoking the CVE. Change-Id: Icfff68372fcbafb3e743a1a9d191536c0c1985c4