Project

General

Profile

Issue #1257

Installer Hijacking vulnerability

Added by My Self over 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Security
Target version:
Start date:
03/30/2015
Due date:
% Done:

100%

Estimated time:
Resolution:
fixed
Device:
Grant:


Files

#1

Updated by My Self over 5 years ago

I have to wait until the Replicant sources are fetchable again:
http://redmine.replicant.us/boards/15/topics/8817

#2

Updated by My Self over 5 years ago

  • File Add-manifest-to-verification-params.patch added

The sources are up again.
So I decided to attach the patch listed above, (and tested with the current Replicant 4.2 sources) on this ticket.
After flashing the patched Replicant, I've tested my productive device several days without any misbehavior.
Furthermore I've successfully checked, that Replicant isn't vulnerale to the "Installer Hijacking Vulnerability" anymore.

@everyone: please review the patch and apply it if you like.

#3

Updated by My Self over 5 years ago

Additionally, the patch is provided to the mailing list, now: http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150720/000763.html

#4

Updated by My Self about 5 years ago

  • % Done changed from 0 to 100
#5

Updated by My Self about 5 years ago

  • File deleted (Add-manifest-to-verification-params.patch)
#7

Updated by Paul Kocialkowski about 5 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

Merged, thanks a lot!

Also available in: Atom PDF