| commit | c9edac5587059ea5d46bcef68c81d0add8ca4158 |
|---|---|
| author | Teow Wan Yee <wy.teow@hi-p.com>, Tue Sep 20 16:30:47 2016 +0800 |
| committer | Jeron Susan <jeron.susan@hi-p.com>, Fri Sep 23 09:36:49 2016 +0800 |
| tree | 7b6496367f065df7bb6e593d6f207244271cb69c |
| parent | 60bd37dc11b65c9c8d5e8ee4680f2e83e168ef8b |
FPII-2384 : Information disclosure vulnerability in AOSP Mail

CVE-2016-3918 A-30745403

After an application is granted the com.android.email.permission.READ_ATTACHMENT permission, it could gain access to any file the email app can access. This occurs because the ID is allowed to be an arbitrary String path instead of being limited to a long type. The fix is designed to set ID and account ID as long, and parsed as long values.

Change-Id: I50b70baea821246f64c72ba47536d74485974a8a
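
The difference between treating the ID as a string and parsing it as a long, shown as an added example in plain Java. This is not the AOSP Mail code: the class, the method names, the base directory, the `acct-` directory naming and the sample segments are all constructed for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Added illustration, not AOSP code. All names and paths here are hypothetical.
public class AttachmentIdDemo {
    // Constructed stand-in for the directory that holds cached attachments.
    static final Path BASE = Paths.get("/data/app-private/attachments");

    // Before: URI segments are used as strings, so they can carry path syntax.
    static Path resolveUnsafe(String accountSeg, String idSeg) {
        return BASE.resolve("acct-" + accountSeg).resolve(idSeg).normalize();
    }

    // After: both segments must parse as long, and the path is rebuilt from
    // the parsed numbers only, never from the caller's original text.
    static Path resolveSafe(String accountSeg, String idSeg) {
        long accountId = Long.parseLong(accountSeg); // NumberFormatException if not a long
        long id = Long.parseLong(idSeg);
        if (accountId < 0 || id < 0) {
            throw new NumberFormatException("negative id");
        }
        return BASE.resolve("acct-" + accountId).resolve(Long.toString(id));
    }

    public static void main(String[] args) {
        // Constructed ID segments as they would look after URI decoding.
        String[] ids = {"42", "+42", "42abc", "../../databases/Example.db"};
        for (String idSeg : ids) {
            Path unsafe = resolveUnsafe("1", idSeg);
            String safe;
            try {
                safe = resolveSafe("1", idSeg).toString();
            } catch (NumberFormatException e) {
                safe = "rejected"; // a provider would fail the request here
            }
            System.out.printf("id=%-30s unsafe=%s (inside base: %b) safe=%s%n",
                    "\"" + idSeg + "\"", unsafe, unsafe.startsWith(BASE), safe);
        }
    }
}
```

Rebuilding the path from `Long.toString(id)` rather than the original segment also normalizes inputs such as `+42`, which `Long.parseLong` accepts.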