Package: foomatic-filters
Version: 4.0-20090301-1
Severity: important
Tags: security upstream

Hi,

cups-filters 1.2.0 was released last Tuesday with a security fix for CVE-2015-8327 in foomatic-rip/util.c:

> foomatic-rip: SECURITY FIX: Also consider the back tick
> ('`') as an illegal shell escape character. Thanks to Michal
> Kowalczyk from the Google Security Team for the hint (CVE-2015-8327).

cups-filters 1.2.0 is fixed and a security upload for its version in stable has already been uploaded, but foomatic-filters is also affected in all suites, as the culprit code exists since 4.0-20090301.

The patch is straightforward, and is attached to this bugreport.

Cheers,
OdyX

Description: foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as an illegal shell escape character. Thanks to Michal Kowalczyk from the Google Security Team for the hint. Author: Till Kamppeter <till.kamppe...@gmail.com> Bug-CVE: CVE-2015-8327 Origin: upstream Last-Update: 2015-11-26 --- a/util.c +++ b/util.c @@ -31,7 +31,7 @@ #include <assert.h> -const char* shellescapes = "|<>&!$\'\"#*?()[]{}"; +const char* shellescapes = "|<>&!$\'\"`#*?()[]{}"; const char * temp_dir() {
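
Review bot: The replacement shellescapes string in util.c is still a denylist, and even with the back tick added it does not contain ';', backslash or newline, all of which a POSIX shell treats specially. Consider inverting the check to an allowlist of characters known to be safe (for example alphanumerics plus a small set of punctuation) so that a forgotten metacharacter fails closed, or at least add the missing characters in this same change. A short comment above the definition stating what the list is used for and why each character is in it would also help the next reviewer spot omissions.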