Commit 5eb01ec1 authored Jan 18, 2019 by Julian Andres Klode

SECURITY UPDATE: content injection in http method (CVE-2019-3462)

This fixes a security issue that can be exploited to inject arbritrary debs
or other files into a signed repository as followed:

(1) Server sends a redirect to somewhere%0a<headers for the apt method> (where %0a is
    \n encoded)
(2) apt method decodes the redirect (because the method encodes the URLs before
    sending them out), writting something like
    somewhere\n
    <headers>
    into its output
(3) apt then uses the headers injected for validation purposes.

Regression-Of: c34ea12a
LP: #1812353

parent b1314a7f

Show whitespace changes

Inline Side-by-side

Julian Andres Klode @jak
mentioned in commit c31d65e7
· Jan 22, 2019

mentioned in commit c31d65e7

mentioned in commit c31d65e76810f72c356e381818174bf100605de7

Toggle commit list
David Kalnischkies @donkult
mentioned in commit 4200469b
· Jan 24, 2019

mentioned in commit 4200469b

mentioned in commit 4200469bb5a14c4659285917ed30c46a0b15c286

Toggle commit list

Please register or to comment