Public bug reported:
...
if not item.is_trusted:
blacklisted_pkgs.append(pkgname_from_deb(item.destfile))
...
check_changes_for_sanity(..., blacklisted_pkgs, ...)
...
is_pkg_change_allowed(pkg, blacklist, whitelist)
...
if is_pkgname_in_blacklist(pkg.name, blacklist):
...
for blacklist_regexp in blacklist:
if re.match(blacklist_regexp, pkgname):
....
** Affects: unattended-upgrades (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unattended-upgrades in
Ubuntu.
https://bugs.launchpad.net/bugs/1805447
Title:
Untrusted package names are mishandled as blacklist regexps
Status in unattended-upgrades package in Ubuntu:
New
Bug description:
...
if not item.is_trusted:
blacklisted_pkgs.append(pkgname_from_deb(item.destfile))
...
check_changes_for_sanity(..., blacklisted_pkgs, ...)
...
is_pkg_change_allowed(pkg, blacklist, whitelist)
...
if is_pkgname_in_blacklist(pkg.name, blacklist):
...
for blacklist_regexp in blacklist:
if re.match(blacklist_regexp, pkgname):
....
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1805447/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
