[Rpm-maint] [rpm-software-management/rpm] invalid signature tag Archivesize on rpm packages created by install4j (#1635)
Demi Marie Obenour
notifications at github.com
Mon May 10 15:30:56 UTC 2021
> @pmatilai Could you please share if there is any ETA on the fix? If this takes longer, we can implement workarounds to downgrade in our applications rather than waiting for the actual fix.
Please do not downgrade; this exposes you to a severe security hole (CVE-2021-20271) that allows for signature verification bypass and remote code execution. I will make a PR here, but please file a support ticket with install4j.
https://github.com/rpm-software-management/rpm/issues/1635#issuecomment-836842779