Page MenuHomePhabricator
Create Task
Maniphest T366

Fix CVE-2018-12356 by hardening the regex.
Open, NormalPublic
Actions

Description

0001-Fix-CVE-2018-12356-by-hardening-the-regex.patch926 BDownload

Event Timeline

Rahul_G created this task.Jun 23 2018, 06:44
loganaden added a subscriber: loganaden.Jun 23 2018, 08:07
Rahul_G removed Rahul_G as the assignee of this task.Jun 23 2018, 13:46
Rahul_G triaged this task as Normal priority.
PenTesting added a subscriber: PenTesting.Jun 1 2019, 11:15

Hi,
Is there a reason for still holding this CVE fix open? Simply commit and forget about it.

Detailed write-up:
https://neopg.io/blog/pass-signature-spoof/

PR Reference:
https://github.com/bitcoin/bitcoin/pull/13479
https://github.com/BitcoinUnlimited/BitcoinUnlimited/pull/1147

deadalnix added a subscriber: deadalnix.Jun 1 2019, 12:49

The main reason is that we aren't using that script, that therefore it is low priority to do so and that no diff has been open for it.

suthem-969 added a subscriber: suthem-969.Thu, Nov 21, 16:07