security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

fix upstream RecoverySystem.verifyPackage(...) vulnerability

Browse Source
This commit is contained in:
Daniel Micay 2025-04-08 22:06:59 -04:00
parent ea5e7bdee3
commit 1acf8e0289
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
static/releases.html
View File

@ -576,6 +576,7 @@
<p>Changes since the 2025040700 release:</p> <p>Changes since the 2025040700 release:</p>
<ul> <ul>
<li>fix upstream RecoverySystem.verifyPackage(...) vulnerability (this was not directly exploitable due to there being 2 layers of update package signature verification and downgrade protection, but the first layer of protection should work properly to avoid a vulnerability in the 2nd layer being exploited)</li>
<li>Vanadium: update to <a href="https://github.com/GrapheneOS/Vanadium/releases/tag/135.0.7049.79.0">version 135.0.7049.79.0</a></li> <li>Vanadium: update to <a href="https://github.com/GrapheneOS/Vanadium/releases/tag/135.0.7049.79.0">version 135.0.7049.79.0</a></li>
</ul> </ul>
</article> </article>