Problems while searching for a new upstream version
high
uscan had problems while searching for a new upstream version:
In debian/watch no matching files for watch line
https://android.googlesource.com/platform/system/core/+refs [\w\/]+\+archive\/android-([0-9\.]+)_r(\d+|\d+\.\d+|\w)(\.tar\.gz) debian uupdate
CVE-2014-7952: The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.
CVE-2014-7952: The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.
2 issues skipped by the security teams:
CVE-2016-3890: The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842.
CVE-2014-1909: Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow.
CVE-2014-7952: The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.
CVE-2014-7952: The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/a/android-platform-system-core.png){kind=link}