← Back to index
|
Original Bugzilla link
Bug 22465 – Unicode Trojan Source Vulnerability
Status
RESOLVED
Resolution
FIXED
Severity
major
Priority
P2
Component
dmd
Product
D
Version
D2
Platform
All
OS
All
Creation time
2021-11-01T18:20:11Z
Last change time
2023-04-13T11:13:18Z
Assigned to
No Owner
Creator
Walter Bright
See also
https://issues.dlang.org/show_bug.cgi?id=22495
Comments
Comment #0
by bugzilla — 2021-11-01T18:20:11Z
Source code can be maliciously encoded with Unicode characters in comments, string literals, and character literals so source code can be different than what it visually appears to be. As documented:
https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/
https://www.trojansource.codes/trojan-source.pdf
https://news.ycombinator.com/item?id=29062982
Comment #1
by Ajieskola — 2023-03-03T19:44:33Z
The related issue is solved, can this now also be closed as fixed or is there anything left to do?