Dpkg::Control::HashCore: Fix OpenPGP Armor Header Line parsing
author Guillem Jover <guillem@debian.org>
Thu, 19 Mar 2015 21:51:46 +0000 (22:51 +0100)
committer SoonKyu Park <sk7.park@samsung.com>
Tue, 22 Jan 2019 01:51:06 +0000 (10:51 +0900)
commit be7ce5ac9fbdbc1cdb2d10edc5c58f41ff38bb61
tree 34716f84f538b24d630f587d2add9d18f5365bc4
parent b1e5810745d37a7b73ce9d052d3b13add5774a1a
Dpkg::Control::HashCore: Fix OpenPGP Armor Header Line parsing

We should only accept [\r\t ] as trailing whitespace, although RFC4880
does not clarify what whitespace really maps to, we should really match
the GnuPG implementation anyway, as that is what we use to verify the
signatures.

Fixes: CVE-2015-0840
Reported-by: Jann Horn <jann@thejh.net>
scripts/Dpkg/Control/Hash.pm
scripts/Makefile.am
scripts/t/700_Dpkg_Control.t
scripts/t/700_Dpkg_Control/bogus-armor-formfeed.dsc [new file with mode: 0644]
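
A check for the kind of line the commit message describes, as an added example (not dpkg's code and not part of this commit): it flags armor lines that a looser matcher would accept but the strict `[\r\t ]` set rejects. The loose `\s` pattern, the name `scan_armor_lines` and the sample input are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Armor Header/Tail Lines of a clearsigned file (RFC 4880, sections 6.2 and 7).
my $ARMOR = qr/-----(?:BEGIN PGP SIGNED MESSAGE|BEGIN PGP SIGNATURE|END PGP SIGNATURE)-----/;

# Strict form: only the [\r\t ] set named in the commit message may trail.
my $STRICT = qr/^(?:$ARMOR)[\r\t ]*$/;
# Assumed loose form: any \s may trail, which also admits form feed (\f).
my $LOOSE  = qr/^(?:$ARMOR)\s*$/;

# Return one record per line that either matcher treats as an armor line.
# 'ambiguous' marks loose-only matches, where a parser and the signature
# verifier can disagree on whether the line is an armor line at all.
sub scan_armor_lines {
    my ($text) = @_;
    my @found;
    my $n = 0;
    for my $line (split /\n/, $text, -1) {
        $n++;
        my $strict = $line =~ $STRICT ? 1 : 0;
        my $loose  = $line =~ $LOOSE  ? 1 : 0;
        next unless $strict || $loose;
        push @found, { line => $n, status => $strict ? 'armor' : 'ambiguous' };
    }
    return @found;
}

# Constructed sample input (not the dpkg test file); line 1 ends in \f,
# line 5 ends in space, tab and CR.
my $sample = join "\n",
    "-----BEGIN PGP SIGNED MESSAGE-----\f",
    "Hash: SHA256",
    "",
    "Source: example",
    "-----BEGIN PGP SIGNATURE----- \t\r",
    "(signature data placeholder)",
    "-----END PGP SIGNATURE-----";

printf "line %d: %s\n", $_->{line}, $_->{status} for scan_armor_lines($sample);
```

Lines reported as `ambiguous` are the ones to reject or normalise before the file is handed to the signature verifier.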