Properly verify adbe.pkcs7.sha1 signatures.
author Juraj Šarinay <juraj@sarinay.com>
Thu, 6 Mar 2025 01:02:56 +0000 (02:02 +0100)
committer Salvatore Bonaccorso <carnil@debian.org>
Sun, 12 Oct 2025 18:30:50 +0000 (20:30 +0200)
commit 679c1cfedc104de0429a482bdaa6ec1aa944ea69
tree 3f564f7b0658cbbb27e376a445aac502ea659947
parent 5b015a2737bfe555edd4812a5f8aef8d76a6dc86
Properly verify adbe.pkcs7.sha1 signatures.

For signatures with non-empty encapsulated content
(typically adbe.pkcs7.sha1), we only compared hash values and
never actually checked SignatureValue within SignerInfo.
The bug introduced by c7c0207b1cfe49a4353d6cda93dbebef4508138f
made trivial signature forgeries possible. Fix this by calling
NSS_CMSSignerInfo_Verify() after the hash values compare equal.

Origin: upstream 25.04.0

Gbp-Pq: Name CVE-2025-43903.patch
poppler/NSSCryptoSignBackend.cc
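
The check order described in the commit message, as an added Python example (not poppler's code and not part of this commit): a toy model in which textbook RSA with a constructed small key stands in for NSS_CMSSignerInfo_Verify(). `SignedData`, `verify_hash_only`, `verify_fixed` and the other names are hypothetical, and real CMS structures, padding and certificate handling are left out.

```python
import hashlib
from collections import namedtuple

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # signer's private exponent

# Hypothetical, simplified model of the two CMS fields involved:
# encap_content is the SHA-1 of the signed byte range (non-empty encapsulated
# content), signature_value is SignerInfo.SignatureValue.
SignedData = namedtuple("SignedData", "encap_content signature_value")


def sha1_int(data: bytes) -> int:
    """SHA-1 digest as an integer (160 bits, always smaller than N)."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sign(doc: bytes) -> SignedData:
    """Signer side: encapsulate the document hash, then sign that content."""
    encap = hashlib.sha1(doc).digest()
    return SignedData(encap, pow(sha1_int(encap), D, N))


def digest_matches(doc: bytes, sd: SignedData) -> bool:
    """Compare the recomputed document hash with the encapsulated content."""
    return hashlib.sha1(doc).digest() == sd.encap_content


def signer_info_verify(sd: SignedData) -> bool:
    """Toy stand-in for NSS_CMSSignerInfo_Verify(): check SignatureValue
    over the encapsulated content with the signer's public key (E, N)."""
    return pow(sd.signature_value, E, N) == sha1_int(sd.encap_content)


def verify_hash_only(doc: bytes, sd: SignedData) -> bool:
    """Behaviour the commit message describes before the fix."""
    return digest_matches(doc, sd)


def verify_fixed(doc: bytes, sd: SignedData) -> bool:
    """After the fix: the signature is checked once the hashes compare equal."""
    return digest_matches(doc, sd) and signer_info_verify(sd)


# Constructed inputs: one structure made with the key, one made without it.
DOC = b"constructed document bytes"
GENUINE = sign(DOC)
UNSIGNED = SignedData(hashlib.sha1(DOC).digest(), 1)  # digest right, signature not
```

A regression test for a verifier of this kind should include the `UNSIGNED` case, since a suite that only feeds genuinely signed and hash-mismatched inputs cannot tell the two functions apart.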