summaryrefslogtreecommitdiffstats
path: root/res/xml-mcc311-mnc227/mms_config.xml
diff options
context:
space:
mode:
authorTom Taylor <tomtaylor@google.com>2016-12-05 13:57:45 -0800
committerSean McCreary <mccreary@mcwest.org>2017-04-06 13:31:58 -0600
commit04c487f3f5872ba390e430d95204ab996bbbdc59 (patch)
treef451bdb71aa778654f0b900103b9268085b34bd3 /res/xml-mcc311-mnc227/mms_config.xml
parenta4098b20bc5af495c367eb108c327466fd1726f6 (diff)
downloadpackages_apps_Messaging-04c487f3f5872ba390e430d95204ab996bbbdc59.tar.gz
packages_apps_Messaging-04c487f3f5872ba390e430d95204ab996bbbdc59.tar.bz2
packages_apps_Messaging-04c487f3f5872ba390e430d95204ab996bbbdc59.zip
32161610 Security Vulnerability - Information disclosure vulnerability in AOSP Messaging
* Check to make sure the returned uri from the gallery picker does not point to bugle's data directory (or any subdir). * Test: Manual- * I created the test app in the bug, the one that injects the bad uri into Bugle. I verified the bad behavior before the fix and the good behavior after. * I tested the gallery to make sure picking photos, from the photos app and drive, still work. * I verified the behavior in the debugger to be sure the code is catching the bad uri from the test app. AOSP-Change-Id: I3393f3b886c837a49758b91945cf1e17ec9bee41 Fixes: 32161610 (cherry picked from commit 69ed579fb8092395c4ffeb64ff5147622def3d4a) Change-Id: Ifbfc78e6404f5f258a98026d3c5a5e76a107ddc8 (cherry picked from commit 9aaf452d882da24e19801fdb09df1e1311986482)
Diffstat (limited to 'res/xml-mcc311-mnc227/mms_config.xml')
0 files changed, 0 insertions, 0 deletions