Spurious CVE-2015-6616 on Cyanogenmod 11.0 #129
Comments
|
see here: #128 |
|
This issue can now be closed because #128 has been merged. |
|
Just checked today with my self-build cm-11.0 with lasted Lineage OS source, still vulnerable to CVE-2015-6616. All needed patch for 4.4.4 are merged: |
|
The latest official apk on https://github.com/AndroidVTS/android-vts/releases seems to be from december 2015, so that one won't have the CVE-2015-6616 fix from #128 . I'm not aware of any recent builds, but you can build the apk yourself from source with the build instructions at: https://github.com/AndroidVTS/android-vts/blob/master/Readme.md |
|
A prebuilt APK with #128 is available at #38 (comment) |
Got the result that cm-11-20160523-NIGHTLY-crespo (Android 4.4.4 on Nexus S) is vulnerable to CVE-2015-6616. So I checked if CVE-2015-6616 is applied in cm-11.0 nightly:
ANDROID-24630158 is applied in cm-11.0: CyanogenMod/android_frameworks_av@c4f36d3
ANDROID-23882800 is applied in cm-11.0: CyanogenMod/android_frameworks_av@9b2a7f2
ANDROID-17769851 is applied in cm-11.0: CyanogenMod/android_frameworks_av@5873008
ANDROID-24441553 is applied in cm-11.0: CyanogenMod/android_frameworks_av@fbf2cec
ANDROID-24157524 should not be necessary in cm-11.0
Maybe your check is incorrect (on older Android) ?
The text was updated successfully, but these errors were encountered: