authorJörg Frings-Fürst <debian@jff-webhosting.net>2015-12-14 21:16:16 +0100
committerJörg Frings-Fürst <debian@jff-webhosting.net>2015-12-14 21:16:16 +0100
commita3abbef2d2f8c7e62d2fe64f64afe294563fdf8f (patch)
tree4fc12fb380a9ba17e271f349be47ce3dd7daec2a /debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
parent80e944b1eb113f62bc509f94392e7f03c54a140e (diff)
debian bung #807931
Diffstat (limited to 'debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch')
-rw-r--r--debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch20
1 files changed, 20 insertions, 0 deletions
diff --git a/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch b/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
new file mode 100644
index 0000000..df2ab6a
--- /dev/null
+++ b/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
@@ -0,0 +1,20 @@
+Description: foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as
+ an illegal shell escape character. Thanks to Michal Kowalczyk from the Google
+ Security Team for the hint.
+ Add changes from upstream revision 7419.
+Author: Till Kamppeter <till.kamppeter@gmail.com>
+Bug-CVE: CVE-2015-8327
+Origin: upstream
+Last-Update: 2015-12-13
+
+--- a/util.c
++++ b/util.c
+@@ -31,7 +31,7 @@
+ #include <assert.h>
+
+
+-const char* shellescapes = "|<>&!$\'\"#*?()[]{}";
++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}";
+
+ const char * temp_dir()
+ {
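Review bot: The patch header names only the back tick, but the new `shellescapes` line in the util.c hunk also adds `;`, so the Description should record both characters, for example `Also consider the back tick ('`') and the semicolon (';') as illegal shell escape characters.` If the semicolon is tracked under its own identifier, the `Bug-CVE:` field should list it as well, so that the security tracker can match this patch to every issue it closes. The constant is still a denylist, which only covers the characters someone has already thought of; how `shellescapes` is consumed lies outside this hunk, but an allowlist of permitted characters at that call site would fail closed instead. A comment above the definition, such as `/* Characters rejected in option values that reach a shell command line; extend only together with the check that uses it */`, would make the security role of the string clear to the next maintainer.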