[Bug 1805447] [NEW] Untrusted package names are mishandled as blacklist regexps

Balint Reczey Tue, 27 Nov 2018 06:41:05 -0800

Public bug reported:

...
if not item.is_trusted:
   blacklisted_pkgs.append(pkgname_from_deb(item.destfile))
...
check_changes_for_sanity(..., blacklisted_pkgs, ...)
...
is_pkg_change_allowed(pkg, blacklist, whitelist)
...
if is_pkgname_in_blacklist(pkg.name, blacklist):
...
for blacklist_regexp in blacklist:
   if re.match(blacklist_regexp, pkgname):
....


** Affects: unattended-upgrades (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1805447

Title:
  Untrusted package names are mishandled as blacklist regexps

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1805447/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1805447] [NEW] Untrusted package names are mishandled as blacklist regexps

Reply via email to