[Bug 1805447] [NEW] Untrusted package names are mishandled as blacklist regexps
Balint Reczey
balint.reczey at canonical.com
Tue Nov 27 14:32:20 UTC 2018
Public bug reported:
...
if not item.is_trusted:
    blacklisted_pkgs.append(pkgname_from_deb(item.destfile))
...
check_changes_for_sanity(..., blacklisted_pkgs, ...)
...
is_pkg_change_allowed(pkg, blacklist, whitelist)
...
if is_pkgname_in_blacklist(pkg.name, blacklist):
...
for blacklist_regexp in blacklist:
    if re.match(blacklist_regexp, pkgname):
....
** Affects: unattended-upgrades (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/1805447
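The mismatch traced in the report, as an added example that is not part of the original message or of unattended-upgrades' code: literal names of untrusted packages are appended to a list whose entries are later passed to `re.match()`, so a name can block unrelated packages or fail to block itself. The package names are constructed sample data, and `escape_untrusted` and `blocked` are hypothetical helpers, not the project's fix.

```python
import re

def is_pkgname_in_blacklist(pkgname, blacklist):
    # Matching as traced in the report: every entry is treated as a regexp,
    # and re.match() anchors only at the start of the package name.
    for blacklist_regexp in blacklist:
        if re.match(blacklist_regexp, pkgname):
            return True
    return False

def escape_untrusted(names):
    # Hypothetical mitigation (assumption, not the project's fix): turn each
    # literal package name into a regexp that matches exactly that name.
    return [re.escape(name) + r"\Z" for name in names]

# Constructed sample data: names of packages that failed the trust check.
UNTRUSTED = ["python3", "dvd+rw-tools"]
# Constructed sample data: packages in the pending upgrade set.
PENDING = ["python3", "python3-apt", "dvd+rw-tools", "dvdrw-tools"]

def blocked(blacklist):
    # Packages from PENDING that the given blacklist would hold back.
    return [p for p in PENDING if is_pkgname_in_blacklist(p, blacklist)]

if __name__ == "__main__":
    # "python3" over-matches python3-apt (prefix match); "dvd+rw-tools"
    # matches dvdrw-tools but not itself, because "+" is a quantifier.
    print("names used as regexps:", blocked(UNTRUSTED))
    print("names escaped first:  ", blocked(escape_untrusted(UNTRUSTED)))
```
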