Candidate: CVE-2015-6627
PublicDate: 2015-12-08 23:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6627
 http://source.android.com/security/bulletin/2015-12-01.html
Description:
 The Audio component in Android before 5.1.1 LMY48Z and 6.0 before
 2015-12-01 allows remote attackers to obtain sensitive information via a
 crafted audio file, as demonstrated by obtaining Signature or
 SignatureOrSystem access, aka internal bug 24211743.
Ubuntu-Description:
Notes:
 seth-arnold> Similar code exists in FastMixer.cpp
 jdstrand> Ubuntu does not use AudioFlinger
Bugs:
Priority: medium
Discovered-by: Tzu-Yin "Nina" Tai
Assigned-to:
CVSS: 

Patches_android:
 upstream: https://android.googlesource.com/platform/frameworks/av/+/8c987fa71326eb0cc504959a5ebb440410d73180%5E%21/
upstream_android: released (6.0 2015-12-01)
precise_android: DNE
trusty_android: ignored
trusty/esm_android: DNE (trusty was ignored)
vivid_android: ignored
vivid/stable-phone-overlay_android: ignored
vivid/ubuntu-core_android: DNE
wily_android: ignored
devel_android: ignored