Difference between revisions of "AntiFeature:KnownVuln"
From F-Droid
(+See also) |
(document issues) |
||
| Line 1: | Line 1: | ||
| − | This APK has a known security vulnerability, found by one of the scanners in _fdroidserver_ | + | This APK has a known security vulnerability, found by one of the scanners in _fdroidserver_. |
| + | |||
| + | ;current APK has a weak MD5 signature aka [[AntiFeature:DisabledAlgorithm]] | ||
| + | :fix by making new release or rebuild to get an APK signed with the current signature algorithms | ||
| + | ; uses a version of OpenSSL that has known vulnerabilities | ||
| + | : update the app to OpenSSL 1.0.2f/1.0.1r or higher. For more info, see [https://support.google.com/faqs/answer/6376725 How to address OpenSSL vulnerabilities in your apps] | ||
== See also == | == See also == | ||
* [https://forum.f-droid.org/t/many-old-unmaintained-apps-have-been-archived/670/14 Many old, unmaintained apps have been archived] on the forum | * [https://forum.f-droid.org/t/many-old-unmaintained-apps-have-been-archived/670/14 Many old, unmaintained apps have been archived] on the forum | ||
* [https://gitlab.com/fdroid/fdroidserver/issues/323 APKs with weak signatures no longer verify, move them to the archive] on GitLab | * [https://gitlab.com/fdroid/fdroidserver/issues/323 APKs with weak signatures no longer verify, move them to the archive] on GitLab | ||
Revision as of 12:24, 27 September 2017
This APK has a known security vulnerability, found by one of the scanners in _fdroidserver_.
- current APK has a weak MD5 signature aka AntiFeature:DisabledAlgorithm
- fix by making new release or rebuild to get an APK signed with the current signature algorithms
- uses a version of OpenSSL that has known vulnerabilities
- update the app to OpenSSL 1.0.2f/1.0.1r or higher. For more info, see How to address OpenSSL vulnerabilities in your apps
