CVE-2015-8327; rename patches

author: Jörg Frings-Fürst <debian@jff-webhosting.net> 2015-12-05 14:58:37 +0100
committer: Jörg Frings-Fürst <debian@jff-webhosting.net> 2015-12-05 14:58:37 +0100
commit: a19a390f6538d9df8f125d7498a2e5df57612387 (patch)
tree: 8368ee073c9d81f711ec5500b0e12198914dba12 /debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
parent: 314e87026787b907f8fc77f44e1b5ce79cb9528f (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch b/debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
new file mode 100644
index 0000000..8e5e404
--- /dev/null
+++ b/debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
@@ -0,0 +1,19 @@
+Description: foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as
+ an illegal shell escape character. Thanks to Michal Kowalczyk from the Google
+ Security Team for the hint.
+Author: Till Kamppeter <till.kamppeter@gmail.com>
+Bug-CVE: CVE-2015-8327
+Origin: upstream
+Last-Update: 2015-11-26
+
+--- a/util.c
++++ b/util.c
+@@ -31,7 +31,7 @@
+ #include <assert.h>
+ 
+ 
+-const char* shellescapes = "|<>&!$\'\"#*?()[]{}";
++const char* shellescapes = "|<>&!$\'\"`#*?()[]{}";
+ 
+ const char * temp_dir()
+ {
author	Jörg Frings-Fürst <debian@jff-webhosting.net>	2015-12-05 14:58:37 +0100
committer	Jörg Frings-Fürst <debian@jff-webhosting.net>	2015-12-05 14:58:37 +0100
commit	a19a390f6538d9df8f125d7498a2e5df57612387 (patch)
tree	8368ee073c9d81f711ec5500b0e12198914dba12 /debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
parent	314e87026787b907f8fc77f44e1b5ce79cb9528f (diff)