CVE-2023-21285

)]}’ { "commit": "0c3b7ec3377e7fb645ec366be3be96bb1a252ca1", "tree": "222d88340ccc012d992e39a87f195bf64b661b69", "parents": [ “9b58aee2a4528c60b0aa2540bd0f48d2871d2dc7” ], "author": { "name": "Michael Mikhail", "email": "[email protected]", "time": “Fri May 26 19:41:21 2023 +0000” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu Jun 08 20:34:25 2023 +0000” }, "message": "DO NOT MERGE\nVerify URI permissions in MediaMetadata\n\nAdd a check for URI permission to make sure that user can access the URI\nset in MediaMetadata. If permission is denied, clear the URI string set\nin metadata.\n\nBug: 271851153\nTest: atest MediaSessionTest\nTest: Verified by POC app attached in bug, image of second user is not\nthe UMO background of the first user.\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:277e7e05866a3da3c5871c071231b2b7c911d81e)\nMerged-In: I932d5d5143998db89d7132ced84faffa4a0bd5aa\nChange-Id: I932d5d5143998db89d7132ced84faffa4a0bd5aa\n", "tree_diff": [ { "type": "modify", "old_id": "cc4895ffaf24a7a3e0bab6d4c364801ea7b72d14", "old_mode": 33188, "old_path": "services/core/java/com/android/server/media/MediaSessionRecord.java", "new_id": "b459cfe6b44eb8575123a1efdfb58acac91ca2b0", "new_mode": 33188, "new_path": “services/core/java/com/android/server/media/MediaSessionRecord.java” } ] }