1
Candidate: CVE-2015-3865
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3865
5
https://groups.google.com/forum/#!topic/android-security-updates/iv1BF0f0XY4
6
https://android.googlesource.com/platform/cts/+/3f7334822ba4cc53f81f22f3519093bf4e1d7f89%5E!/#F0
7
https://android.googlesource.com/platform/frameworks/base/+/ff8dc21278b19b22ed8dc9f9475850838336d351%5E!/#F0
9
The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to
10
gain privileges via a crafted application, as demonstrated by obtaining
11
Signature or SignatureOrSystem access, aka internal bug 23050463.
14
sbeattie> non-zygote apps were able to make JDWP connections
15
jdstrand> Ubuntu does not use the Runtime subsystem
18
Discovered-by: Chiachih Wu and Xuxian Jiang
22
upstream_android: needs-triage
24
trusty_android: ignored
25
vivid_android: ignored
26
vivid/stable-phone-overlay_android: ignored
27
vivid/ubuntu-core_android: DNE
29
devel_android: ignored