diff options
Diffstat (limited to 'debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch')
-rw-r--r-- | debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch b/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch new file mode 100644 index 0000000..df2ab6a --- /dev/null +++ b/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch @@ -0,0 +1,20 @@ +Description: foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as + an illegal shell escape character. Thanks to Michal Kowalczyk from the Google + Security Team for the hint. + Add changes from upstream revision 7419. +Author: Till Kamppeter <till.kamppeter@gmail.com> +Bug-CVE: CVE-2015-8327 +Origin: upstream +Last-Update: 2015-12-13 + +--- a/util.c ++++ b/util.c +@@ -31,7 +31,7 @@ + #include <assert.h> + + +-const char* shellescapes = "|<>&!$\'\"#*?()[]{}"; ++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}"; + + const char * temp_dir() + { |