Difference between revisions of "AntiFeature:KnownVuln"

From F-Droid
Jump to: navigation, search
(+See also)
(document issues)
Line 1: Line 1:
This APK has a known security vulnerability, found by one of the scanners in _fdroidserver_
+
This APK has a known security vulnerability, found by one of the scanners in _fdroidserver_.
 +
 
 +
;current APK has a weak MD5 signature aka [[AntiFeature:DisabledAlgorithm]]
 +
:fix by making new release or rebuild to get an APK signed with the current signature algorithms
 +
; uses a version of OpenSSL that has known vulnerabilities
 +
: update the app to OpenSSL 1.0.2f/1.0.1r or higher.  For more info, see [https://support.google.com/faqs/answer/6376725 How to address OpenSSL vulnerabilities in your apps]
  
 
== See also ==
 
== See also ==
 
* [https://forum.f-droid.org/t/many-old-unmaintained-apps-have-been-archived/670/14 Many old, unmaintained apps have been archived] on the forum
 
* [https://forum.f-droid.org/t/many-old-unmaintained-apps-have-been-archived/670/14 Many old, unmaintained apps have been archived] on the forum
 
* [https://gitlab.com/fdroid/fdroidserver/issues/323 APKs with weak signatures no longer verify, move them to the archive] on GitLab
 
* [https://gitlab.com/fdroid/fdroidserver/issues/323 APKs with weak signatures no longer verify, move them to the archive] on GitLab

Revision as of 12:24, 27 September 2017

This APK has a known security vulnerability, found by one of the scanners in _fdroidserver_.

current APK has a weak MD5 signature aka AntiFeature:DisabledAlgorithm
fix by making new release or rebuild to get an APK signed with the current signature algorithms
uses a version of OpenSSL that has known vulnerabilities
update the app to OpenSSL 1.0.2f/1.0.1r or higher. For more info, see How to address OpenSSL vulnerabilities in your apps

See also