CVE-2023-21253

)]}’ { "commit": "84df68840b6f2407146e722ebd95a7d8bc6e3529", "tree": "fa1d11ee55cadaec79afb4b3e328a68efcb90e62", "parents": [ “57946e2bb73850e817b3c01fa5350d705e178e39” ], "author": { "name": "Michael Groover", "email": "[email protected]", "time": “Fri Mar 31 21:31:22 2023 +0000” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu May 11 18:40:02 2023 +0000” }, "message": "Limit the number of supported v1 and v2 signers\n\nThe v1 and v2 APK Signature Schemes support multiple signers; this\nwas intended to allow multiple entities to sign an APK. Previously,\nthe platform had no limits placed on the number of signers supported\nin an APK, but this commit sets a hard limit of 10 supported signers\nfor these signature schemes to ensure a large number of signers\ndoes not place undue burden on the platform.\n\nBug: 266580022\nTest: Manually verified the platform only allowed an APK with the\n maximum number of supported signers.\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6f6ee8a55f37c2b8c0df041b2bd53ec928764597)\nMerged-In: I6aa86b615b203cdc69d58a593ccf8f18474ca091\nChange-Id: I6aa86b615b203cdc69d58a593ccf8f18474ca091\n", "tree_diff": [ { "type": "modify", "old_id": "c8c1fd4eba21b64e1ecfc1c4909085dcbd1b3395", "old_mode": 33188, "old_path": "core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java", "new_id": "9801559854f931765f273395bae7398a2c7114eb", "new_mode": 33188, "new_path": “core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java” }, { "type": "modify", "old_id": "45254908c5c967400cfeb77b3f3f873f72ae9571", "old_mode": 33188, "old_path": "core/java/android/util/jar/StrictJarVerifier.java", "new_id": "a6aca330d323ebf85f74d6aaa59ccc1894fbb91f", "new_mode": 33188, "new_path": “core/java/android/util/jar/StrictJarVerifier.java” } ] }