suggestion for checking unicode characters against "trojan source attacks"

To: lintian-maint@debian.org
Subject: suggestion for checking unicode characters against "trojan source attacks"
From: Jérémy Lal <kapouer@melix.org>
Date: Mon, 1 Nov 2021 19:21:22 +0100
Message-id: <[🔎] CAJxTCxyXM9+SFUpfUPVS9kkhRgHpOyOLhd+SHDsitHaRoG9EKA@mail.gmail.com>

Hi,

the topic is about CVE-2021-42574 and CVE-2021-42694.

Some unicode control characters, bidirectional characters, are dangerous

in source code files because they can allow one to reorder source code tokens.

I wonder if lintian is already doing that kind of check, and if not, it seems to be

a good idea for lintian to check the presence of those nasty characters.

Jérémy

Reply to:

Follow-Ups:
- Re: suggestion for checking unicode characters against "trojan source attacks"
  - From: Felix Lechner <felix.lechner@lease-up.com>

Prev by Date: lintian_2.111.0~bpo11+1_amd64.changes ACCEPTED into bullseye-backports
Next by Date: Re: suggestion for checking unicode characters against "trojan source attacks"
Previous by thread: lintian_2.111.0~bpo11+1_amd64.changes ACCEPTED into bullseye-backports
Next by thread: Re: suggestion for checking unicode characters against "trojan source attacks"
Index(es):
- Date
- Thread