Lintian ReportsBETA

Tag versions

Punicode-trojan

The tag is present in Lintian version 2.113.26. That is the most recent version we know about.

We use semantic versions. The patch number is a commit step indicator relative to the 2.113.0 release tag in our Git repository.

You can find the detection logic for this version at commit 43a81d7. For merge requests, please use the latest version in the Lintian check files/unicode/trojan.

This tag is experimental.

Visibility: pedantic

The named text file contains a Unicode codepoint that has been identified as a potential security risk.

There are two distinct attack vectors. One is homoglyphs in which text looks confusingly similar to what a reader might expects, but is actually different. The second is birectional attacks, in which the rendered text hides potentially malicious characters.

Here are the relevant codepoints:

You can also run a similar check in your shell with that command:

grep -r $'[\u061C\u200E\u200F\u202A\u202B\u202C\u202D\u202E\u2066\u2067\u2068\u2069]'

The registered vulnerabilities are CVE-2021-42694 ("Homoglyph") and CVE-2021-42574 ("Bidirectional Attack").

For more information please consult:

The following 8 source packages in the archive triggered the tag 30 times (in any Lintian version).

There were no overrides.