Conversation

Notices

1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 25-Jul-2021 14:29:36 EDT lnxw48a1
   Serious information disclosure bug in #Signal on #Android https://github.com/signalapp/Signal-Android/issues/10247
   
   Attaching a photo also attaches photos from other conversations.
   1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Sunday, 25-Jul-2021 14:39:23 EDT GeniusMusing

      in reply to
      Looks like it has been fixed but still a big PII oops.
      
      Images from another user displayed in message · Issue 10247 · signalapp/Signal-Android
      https://github.com/signalapp/Signal-Android/issues/10247
      
      >greyson-signal commented 14 minutes ago
      >
      >Hi there, sorry, this issue was fixed in 5.17 (which hit 100% production on 7/21). There was another issue tracking this and it looks like I forgot to close this one.
      >
      >For some background, this bug came about as a rare intersection of some database properties and a separate bug. The TL;DR is that if someone had conversation trimming on, it could create a rare situation where a database ID was re-used in a way that could result in this behavior. It was very difficult to track down, with earlier phases involving getting additional logging into builds. Once we had some more information, it did in fact become our top priority, a fix was made, and we got it out as quickly and as safely as possible. The fix itself should make it so that database issues like the one that caused this bug can't happen again.