Page MenuHomePhabricator

Fix CVE-2018-12356 by hardening the regex.
Open, NormalPublic

Description

Event Timeline

Rahul_G created this task.Jun 23 2018, 06:44
Rahul_G removed Rahul_G as the assignee of this task.Jun 23 2018, 13:46
Rahul_G triaged this task as Normal priority.

Hi,
Is there a reason for still holding this CVE fix open? Simply commit and forget about it.

Detailed write-up:
https://neopg.io/blog/pass-signature-spoof/

PR Reference:
https://github.com/bitcoin/bitcoin/pull/13479
https://github.com/BitcoinUnlimited/BitcoinUnlimited/pull/1147

The main reason is that we aren't using that script, that therefore it is low priority to do so and that no diff has been open for it.