Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=959454
Bug ID: 959454
Summary: plexus-digest: do not use algorithm name as regular
expression
Product: Fedora
Version: rawhide
Component: plexus-digest
Severity: unspecified
Priority: unspecified
Assignee: sochotni(a)redhat.com
Reporter: fweimer(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
jcapik(a)redhat.com, mizdebsk(a)redhat.com,
msrb(a)redhat.com, overholt(a)gmail.com,
sochotni(a)redhat.com, tradej(a)redhat.com
Blocks: 959453
Category: ---
In org.codehaus.plexus.digest.DigestUtils.cleanChecksum(String, String,
String), the second parameter is used as part of the regular expression.
Compiling the resulting regular expression can result in a VM error with a
crafted algorithm name. The regular expression should be a constant, with a
capture group for the algorithm name, and the name should be checked after
matching.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=k7YPjOe1Ue&a=cc_unsubscribe