projects / poppler.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 160d527) | patch
Properly verify adbe.pkcs7.sha1 signatures.
authorJuraj Šarinay <juraj@sarinay.com>
Thu, 6 Mar 2025 01:02:56 +0000 (02:02 +0100)
committerJeremy Bícha <jbicha@ubuntu.com>
Fri, 18 Apr 2025 22:16:32 +0000 (18:16 -0400)
commitdc464e5f8ed83288ef1519ca0176e7faaff929e2
tree57d3aee3d8fb5c6c4293088a3e63835b9c91772atree | snapshot
parent160d52734be889870ed6d273b84bd339bcfb18edcommit | diff
Properly verify adbe.pkcs7.sha1 signatures.

For signatures with non-empty encapsulated content
(typically adbe.pkcs7.sha1), we only compared hash values and
never actually checked SignatureValue within SignerInfo.
The bug introduced by c7c0207b1cfe49a4353d6cda93dbebef4508138f
made trivial signature forgeries possible. Fix this by calling
NSS_CMSSignerInfo_Verify() after the hash values compare equal.

Origin: upstream 25.04.0

Gbp-Pq: Name CVE-2025-43903.patch
poppler/NSSCryptoSignBackend.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.