projects / poppler.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1150c58) | patch
Properly verify adbe.pkcs7.sha1 signatures.
authorJuraj Šarinay <juraj@sarinay.com>
Thu, 6 Mar 2025 01:02:56 +0000 (02:02 +0100)
committerJeremy Bícha <jbicha@ubuntu.com>
Mon, 28 Jul 2025 08:55:12 +0000 (10:55 +0200)
commitad97feeb70808c40353da7cfe77441dc24b7fc31
tree77923f1a7f4a91b399dc75cb823672accf28eb80tree | snapshot
parent1150c58c0608aa4e44c49b7a48844b714a30e3eccommit | diff
Properly verify adbe.pkcs7.sha1 signatures.

For signatures with non-empty encapsulated content
(typically adbe.pkcs7.sha1), we only compared hash values and
never actually checked SignatureValue within SignerInfo.
The bug introduced by c7c0207b1cfe49a4353d6cda93dbebef4508138f
made trivial signature forgeries possible. Fix this by calling
NSS_CMSSignerInfo_Verify() after the hash values compare equal.

Origin: upstream 25.04.0

Gbp-Pq: Name CVE-2025-43903.patch
poppler/NSSCryptoSignBackend.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.