author Jörg Frings-Fürst <debian@jff-webhosting.net> 2015-12-14 21:16:16 +0100
committer Jörg Frings-Fürst <debian@jff-webhosting.net> 2015-12-14 21:16:16 +0100
commit a3abbef2d2f8c7e62d2fe64f64afe294563fdf8f
tree 4fc12fb380a9ba17e271f349be47ce3dd7daec2a
parent 80e944b1eb113f62bc509f94392e7f03c54a140e
debian bug #807931
-rw-r--r-- debian/changelog 8
-rw-r--r-- debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch (renamed from debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch) 5
-rw-r--r-- debian/patches/series 2
3 files changed, 9 insertions, 6 deletions
diff --git a/debian/changelog b/debian/changelog
index 409ba78..662c083 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,14 +1,16 @@
foomatic-filters (4.0.17-7) unstable; urgency=high
- * New patch debian/patches/0115-r7406_also_consider_the_back_\
- tick_as_an_illegal_shell_escape_character.patch (Closes: #806886)
+ * New patch debian/patches/0500-r7406_also_consider_the_back_\
+ tick_as_an_illegal_shell_escape_character.patch
+ (Closes: #806886, #807931)
+ CVE-2015-8327 Insufficient script injection prevention.
+ - Add changes from upstream revision 7419.
* Rename patches.
* To prevent build warnings:
- debian/control: Add autotools-dev and autoconf to Buld-Depends.
- debian/rules: Add --with autotools-dev.
- -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sat, 12 Dec 2015 14:13:50 +0100
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sun, 13 Dec 2015 13:26:43 +0100
foomatic-filters (4.0.17-6) unstable; urgency=low
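Review bot: The added line "- Add changes from upstream revision 7419." does not say what that revision changes, so a reader of the changelog cannot tell that the fix now also covers the semicolon. Suggest spelling it out, for example "Add ';' to the illegal shell escape characters (upstream revision 7419)". While this entry is being edited, the context line "Add autotools-dev and autoconf to Buld-Depends." has a typo and should read Build-Depends.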
diff --git a/debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch b/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
index 8e5e404..df2ab6a 100644
--- a/debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
+++ b/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
@@ -1,10 +1,11 @@
Description: foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as
an illegal shell escape character. Thanks to Michal Kowalczyk from the Google
Security Team for the hint.
+ Add changes from upstream revision 7419.
Author: Till Kamppeter <till.kamppeter@gmail.com>
Bug-CVE: CVE-2015-8327
Origin: upstream
-Last-Update: 2015-11-26
+Last-Update: 2015-12-13
--- a/util.c
+++ b/util.c
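Review bot: In the Description header, the added line "Add changes from upstream revision 7419." leaves the text describing only the back tick, while the patch body now also adds ';' to shellescapes. Suggest naming the semicolon in the Description and listing both upstream revisions (7406 and 7419) next to "Origin: upstream" so the header matches what the patch applies.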
@@ -13,7 +14,7 @@ Last-Update: 2015-11-26
-const char* shellescapes = "|<>&!$\'\"#*?()[]{}";
-+const char* shellescapes = "|<>&!$\'\"`#*?()[]{}";
++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}";
const char * temp_dir()
{
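Review bot: The changed shellescapes line is a denylist that has now needed two corrections, first the back tick and then ';', which suggests the string is being completed one report at a time. Suggest a follow-up that audits the string against the full set of characters the shell treats specially, or moves the callers to an allowlist of permitted characters, and adds a regression test that checks every character in the string is handled as illegal.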
diff --git a/debian/patches/series b/debian/patches/series
index baee154..e6a186b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,4 +3,4 @@
0600-spelling-errors.diff
0110-fixed-segfault-when-creating-logfile.patch
0001-paps.patch
-0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
+0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
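Review bot: The renamed entry still carries "r7406" and "back_tick" in its file name although the patch now also includes upstream revision 7419, so the name no longer describes the content. Consider a name that covers both revisions. The visible part of the series is also ordered 0600, 0110, 0001, 0500, so the numeric prefixes do not reflect application order; reordering the entries or adding a comment in the series file would make the intended order clear.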