1
0
Fork 0
mirror of https://github.com/ytdl-org/youtube-dl.git synced 2024-12-22 08:47:41 +00:00
youtube-dl/youtube_dl
Filippo Valsorda 4d318be195 [update] fix (unexploitable) BB'06 vulnerability in rsa_verify
The rsa_verify code was vulnerable to a BB'06 attack, allowing to forge
signatures for arbitrary messages if and only if the public key exponent is
3.  Since the updates key is hardcoded to 65537, there is no risk for
youtube-dl, but I don't want vulnerable code in the wild.

The new function adopts a way safer approach of encoding-and-comparing to
replace the dangerous parsing code.
2016-01-21 20:12:17 +00:00
..
downloader [downloader/hls] Ask ffmpeg to quit when interrupting youtube-dl with 'Ctrl+C' (#8252) 2016-01-19 22:07:14 +01:00
extractor [iqiyi] Update key (closes #8292) 2016-01-22 02:14:47 +08:00
postprocessor [FFmpegPostProcessor] Default of prefer ffmpeg 2015-12-09 20:56:00 -03:00
__init__.py Using internal opener 2015-11-10 17:15:23 +02:00
__main__.py Use insert for all sys.path manipulations 2015-09-26 22:04:41 +02:00
aes.py [aes] Fix for python 3.2 2015-05-22 00:06:10 +06:00
cache.py
compat.py [compat] Clarify the versions requiring compat_kwargs 2016-01-16 22:17:31 +08:00
jsinterp.py [jsinterp] Extend function regex (Closes #7900, closes #7901) 2015-12-18 18:57:49 +06:00
options.py [options] Prefer --convert-subs spelling 2015-12-30 23:12:35 +06:00
swfinterp.py Fix typos 2016-01-10 17:24:28 +01:00
update.py [update] fix (unexploitable) BB'06 vulnerability in rsa_verify 2016-01-21 20:12:17 +00:00
utils.py Revert "fix typos" 2016-01-10 19:27:22 +01:00
version.py release 2016.01.15 2016-01-15 19:43:04 +01:00
YoutubeDL.py [YoutubeDL] Ensure protocol is always present 2016-01-16 10:10:28 +06:00