diff options
Diffstat (limited to 'debian/patches')
| -rw-r--r-- | debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch (renamed from debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch) | 5 | ||||
| -rw-r--r-- | debian/patches/series | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch b/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch index 8e5e404..df2ab6a 100644 --- a/debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch +++ b/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch @@ -1,10 +1,11 @@ Description: foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as an illegal shell escape character. Thanks to Michal Kowalczyk from the Google Security Team for the hint. + Add changes from upstream revision 7419. Author: Till Kamppeter <till.kamppeter@gmail.com> Bug-CVE: CVE-2015-8327 Origin: upstream -Last-Update: 2015-11-26 +Last-Update: 2015-12-13 --- a/util.c +++ b/util.c @@ -13,7 +14,7 @@ Last-Update: 2015-11-26 -const char* shellescapes = "|<>&!$\'\"#*?()[]{}"; -+const char* shellescapes = "|<>&!$\'\"`#*?()[]{}"; ++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}"; const char * temp_dir() { diff --git a/debian/patches/series b/debian/patches/series index baee154..e6a186b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,4 +3,4 @@ 0600-spelling-errors.diff 0110-fixed-segfault-when-creating-logfile.patch 0001-paps.patch -0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch +0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch |