Project

General

Profile

Actions

Issue #1257

closed

Installer Hijacking vulnerability

Added by My Self almost 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Security
Target version:
Start date:
03/30/2015
Due date:
% Done:

100%

Estimated time:
Resolution:
fixed
Device:
Grant:
Type of work:


Files

Actions #1

Updated by My Self almost 7 years ago

I have to wait until the Replicant sources are fetchable again:
http://redmine.replicant.us/boards/15/topics/8817

Actions #2

Updated by My Self over 6 years ago

  • File Add-manifest-to-verification-params.patch added

The sources are up again.
So I decided to attach the patch listed above, (and tested with the current Replicant 4.2 sources) on this ticket.
After flashing the patched Replicant, I've tested my productive device several days without any misbehavior.
Furthermore I've successfully checked, that Replicant isn't vulnerale to the "Installer Hijacking Vulnerability" anymore.

@everyone: please review the patch and apply it if you like.

Actions #3

Updated by My Self over 6 years ago

Additionally, the patch is provided to the mailing list, now: http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150720/000763.html

Actions #4

Updated by My Self over 6 years ago

  • % Done changed from 0 to 100
Actions #5

Updated by My Self over 6 years ago

  • File deleted (Add-manifest-to-verification-params.patch)
Actions #7

Updated by Paul Kocialkowski over 6 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

Merged, thanks a lot!

Actions

Also available in: Atom PDF