author | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2015-12-14 21:16:16 +0100 |
---|---|---|
committer | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2015-12-14 21:16:16 +0100 |
commit | a3abbef2d2f8c7e62d2fe64f64afe294563fdf8f (patch) | |
tree | 4fc12fb380a9ba17e271f349be47ce3dd7daec2a | |
parent | 80e944b1eb113f62bc509f94392e7f03c54a140e (diff) |
debian bung #807931
-rw-r--r-- | debian/changelog | 8 | ||||
-rw-r--r-- | debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch (renamed from debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch) | 5 | ||||
-rw-r--r-- | debian/patches/series | 2 |
3 files changed, 9 insertions, 6 deletions
diff --git a/debian/changelog b/debian/changelog index 409ba78..662c083 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,14 +1,16 @@ foomatic-filters (4.0.17-7) unstable; urgency=high - * New patch debian/patches/0115-r7406_also_consider_the_back_\ - tick_as_an_illegal_shell_escape_character.patch (Closes: #806886) + * New patch debian/patches/0500-r7406_also_consider_the_back_\ + tick_as_an_illegal_shell_escape_character.patch + (Closes: #806886, #807931) + CVE-2015-8327 Insufficient script injection prevention. + - Add changes from upstream revision 7419. * Rename patches. * To prevent build warnings: - debian/control: Add autotools-dev and autoconf to Buld-Depends. - debian/rules: Add --with autotools-dev. - -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sat, 12 Dec 2015 14:13:50 +0100 + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sun, 13 Dec 2015 13:26:43 +0100 foomatic-filters (4.0.17-6) unstable; urgency=low diff --git a/debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch b/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch index 8e5e404..df2ab6a 100644 --- a/debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch +++ b/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch @@ -1,10 +1,11 @@ Description: foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as an illegal shell escape character. Thanks to Michal Kowalczyk from the Google Security Team for the hint. + Add changes from upstream revision 7419. Author: Till Kamppeter <till.kamppeter@gmail.com> Bug-CVE: CVE-2015-8327 Origin: upstream -Last-Update: 2015-11-26 +Last-Update: 2015-12-13 --- a/util.c +++ b/util.c 
@@ -13,7 +14,7 @@ Last-Update: 2015-11-26 -const char* shellescapes = "|<>&!$\'\"#*?()[]{}"; -+const char* shellescapes = "|<>&!$\'\"`#*?()[]{}"; ++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}"; const char * temp_dir() { diff --git a/debian/patches/series b/debian/patches/series index baee154..e6a186b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,4 +3,4 @@ 0600-spelling-errors.diff 0110-fixed-segfault-when-creating-logfile.patch 0001-paps.patch -0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch +0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch |
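Review bot: The new `shellescapes` value in this hunk is still a denylist of shell metacharacters, and this is the second fix to extend it by a single character (the back tick first, now `;`), so it is likely that other characters are still missing. How the string is consumed in util.c is outside the hunk, so this needs confirming against the caller, but rejecting everything outside a known-safe character set would be more robust than enumerating dangerous characters one report at a time. On the packaging side, the patch file name and the first line of its Description still mention only the back tick, and the header hunk above adds just `Add changes from upstream revision 7419.`; I would name the change explicitly, e.g. `Also treat the semicolon (';') as an illegal shell escape character (upstream revision 7419).`, so that someone auditing the patch headers can see what the update covers.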