GraphicBuffer overflow vulnerability - CVE-2015-1474
I've checked that Replicant is vulnerable to the GraphicBuffer overflow (bug: 18076253), registered as CVE-2015-1474.
More information: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1474
Android diff: https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091
Updated by My Self about 6 years ago
The patch has now been provided to the mailing list: http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150330/000666.html
Updated by My Self almost 6 years ago
- File CVE-2015-1474.patch added
I decided to attach the patch listed above (tested with the current Replicant 4.2 sources) to this ticket.
After flashing the patched Replicant, I've tested my production device for several months without any misbehavior.
@everyone: please review the patch and apply it if you like.