This is CVE-2015-7946 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-7946
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity8 in Ubuntu. https://bugs.launchpad.net/bugs/1525981 Title: Device can be tricked into exposing mtp service without being unlocked first Status in unity8 package in Ubuntu: In Progress Bug description: Steps to reproduce: - Boot your phone up (notice mtp is not accessible) - Start to make an emergency call (notice mtp is not accessible) - Cancel emergency call and go back to greeter (notice mtp IS accessible) That's bad. This happens because mtp-server pays attention to the greeter saying it's active over DBus. And the first time it says it's active, mtp- server makes itself available. I believe the greeter has a bug where it briefly says it's inactive when transitioning between emergency dialer and the greeter. We should close that gap (once I confirm it exists). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity8/+bug/1525981/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp