From a3abbef2d2f8c7e62d2fe64f64afe294563fdf8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Mon, 14 Dec 2015 21:16:16 +0100 Subject: debian bung #807931 --- debian/changelog | 8 +++++--- ...k_tick_as_an_illegal_shell_escape_character.patch | 19 ------------------- ...k_tick_as_an_illegal_shell_escape_character.patch | 20 ++++++++++++++++++++ debian/patches/series | 2 +- 4 files changed, 26 insertions(+), 23 deletions(-) delete mode 100644 debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch create mode 100644 debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch diff --git a/debian/changelog b/debian/changelog index 409ba78..662c083 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,14 +1,16 @@ foomatic-filters (4.0.17-7) unstable; urgency=high - * New patch debian/patches/0115-r7406_also_consider_the_back_\ - tick_as_an_illegal_shell_escape_character.patch (Closes: #806886) + * New patch debian/patches/0500-r7406_also_consider_the_back_\ + tick_as_an_illegal_shell_escape_character.patch + (Closes: #806886, #807931) + CVE-2015-8327 Insufficient script injection prevention. + - Add changes from upstream revision 7419. * Rename patches. * To prevent build warnings: - debian/control: Add autotools-dev and autoconf to Buld-Depends. - debian/rules: Add --with autotools-dev. - -- Jörg Frings-Fürst Sat, 12 Dec 2015 14:13:50 +0100 + -- Jörg Frings-Fürst Sun, 13 Dec 2015 13:26:43 +0100 foomatic-filters (4.0.17-6) unstable; urgency=low diff --git a/debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch b/debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch deleted file mode 100644 index 8e5e404..0000000 --- a/debian/patches/0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch +++ /dev/null 
@@ -1,19 +0,0 @@
-Description: foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as
- an illegal shell escape character. Thanks to Michal Kowalczyk from the Google
- Security Team for the hint.
-Author: Till Kamppeter
-Bug-CVE: CVE-2015-8327
-Origin: upstream
-Last-Update: 2015-11-26
-
---- a/util.c
-+++ b/util.c
-@@ -31,7 +31,7 @@
- #include
-
-
--const char* shellescapes = "|<>&!$\'\"#*?()[]{}";
-+const char* shellescapes = "|<>&!$\'\"`#*?()[]{}";
-
- const char * temp_dir()
- {
diff --git a/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch b/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
new file mode 100644
index 0000000..df2ab6a
--- /dev/null
+++ b/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
@@ -0,0 +1,20 @@
+Description: foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as
+ an illegal shell escape character. Thanks to Michal Kowalczyk from the Google
+ Security Team for the hint.
+ Add changes from upstream revision 7419.
+Author: Till Kamppeter
+Bug-CVE: CVE-2015-8327
+Origin: upstream
+Last-Update: 2015-12-13
+
+--- a/util.c
++++ b/util.c
+@@ -31,7 +31,7 @@
+ #include
+
+
+-const char* shellescapes = "|<>&!$\'\"#*?()[]{}";
++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}";
+
+ const char * temp_dir()
+ {
diff --git a/debian/patches/series b/debian/patches/series
index baee154..e6a186b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,4 +3,4 @@
 0600-spelling-errors.diff
 0110-fixed-segfault-when-creating-logfile.patch
 0001-paps.patch
-0115-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
+0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
--
cgit v1.2.3
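Review bot: The header of the new 0500-r7406 patch file still describes only the back tick, while its `shellescapes` line now also adds `;`. "Add changes from upstream revision 7419" does not say which character was added or why, so the Description should state it, e.g. `Also reject the semicolon (';') as a shell escape character (upstream revision 7419).`. If that upstream change has its own identifier, Bug-CVE should list it next to CVE-2015-8327. Two consecutive upstream revisions each added one character to the same denylist, so a follow-up should audit the string against the full set of characters the invoked shell treats specially, or validate values against an allowlist instead. The code that consults `shellescapes` lies outside this hunk, so how a match is handled cannot be checked here. A comment above the declaration such as `/* characters refused in values that may reach a shell command line; extend with care */` would record the intent, if that matches the callers.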