Processing commands for cont...@bugs.debian.org:
> retitle 807930 cups-filters: CVE-2015-8560: code execution via improper
> escaping of ; in foomatic-rip
Bug #807930 [cups-filters] cups-filters: code execution via improper escaping
of ; in foomatic-rip
Changed Bug title to 'cups-filters: CVE-20
On 12/14/2015 10:06 PM, Samuel Thibault wrote:
Hello,
Till Kamppeter, on Mon 14 Dec 2015 21:52:45 -0200, wrote:
Note that this time I have already done everything in the Debian GIT
repository, as for the Braille embossing support there is a new dependency
on liblouis and a lot of new files.
J
Hello,
Till Kamppeter, on Mon 14 Dec 2015 21:52:45 -0200, wrote:
> Note that this time I have already done everything in the Debian GIT
> repository, as for the Braille embossing support there is a new dependency
> on liblouis and a lot of new files.
Just a little more change: the cups-filters pa
On 12/14/2015 07:32 PM, cve-ass...@mitre.org wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
There was another commit in cups-filters upstream (revision 7419) as
well adding (;) to the set of illegal shell escape characters:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-fi
On 12/14/2015 01:30 PM, Didier 'OdyX' Raboud wrote:
I'm likely to wait for 1.4.0 upstream release for an upload to unstable,
and will then prepare the package for jessie (if the Security Team
agrees).
I have 1.4.0 released upstream now, including the fix. I have also
updated the Debian packagi
Hi,
I have released cups-filters 1.4.0 now, with the following changes:
- foomatic-rip: SECURITY FIX: Also consider the semicolon
(';') as an illegal shell escape character. Thanks to Adam
Chester (adam dot chester at pentest dot co dot uk) for the
hint (CVE
Attached is the upstream patch with proper DEP-3 headers.
If you need help to prepare the packages for Jessie and Wheezy, feel
free to ask me ;-)
Cheers
Description: foomatic-rip: SECURITY FIX: Also consider the semicolon (';') as an
illegal shell escape character.
Author: Till Kamppeter
Origin
Processing commands for cont...@bugs.debian.org:
> found 807930 1.0.42-1
Bug #807930 [cups-filters] cups-filters: code execution via improper escaping
of ; in foomatic-rip
Ignoring request to alter found versions of bug #807930 to the same values
previously set
> notfound 807930 1.3.0-1
Bug #807
Processing commands for cont...@bugs.debian.org:
> found 807930 1.0.42-1
Bug #807930 [cups-filters] cups-filters: code execution via improper escaping
of ; in foomatic-rip
Marked as found in versions cups-filters/1.0.42-1.
> notfound 1.3.0-1
Unknown command or malformed arguments to command.
> no
Processing commands for cont...@bugs.debian.org:
> # please don't use TEMP identifiers
> retitle 807930 cups-filters: code execution via improper escaping of ; in
> foomatic-rip
Bug #807930 [cups-filters] TEMP-000-166C73 code execution via improper
escaping of ; in foomatic-rip
Changed Bug t
Processing commands for cont...@bugs.debian.org:
> found 807930 1.0.61-5+deb8u2
Bug #807930 [cups-filters] TEMP-000-166C73 code execution via improper
escaping of ; in foomatic-rip
Marked as found in versions cups-filters/1.0.61-5+deb8u2.
> Ce message et toutes les pièces jointes (ci-après le
Processing commands for cont...@bugs.debian.org:
> found 807930 1.3.0-1
Bug #807930 [cups-filters] TEMP-000-166C73 code execution via improper
escaping of ; in foomatic-rip
Marked as found in versions cups-filters/1.3.0-1.
> notfound 807930 1.0.18-2.1+deb7u2
Bug #807930 [cups-filters] TEMP-00
Control: tags -1 +patch +upstream +fixed-upstream
Le lundi, 14 décembre 2015, 15.45:31 Yann Soubeyrand a écrit :
> There is a patch upstream for this vulnerability:
> https://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419.
Thanks for the hint.
I'm likely to wait for 1
Processing control commands:
> tags -1 +patch +upstream +fixed-upstream
Bug #807930 [cups-filters] TEMP-000-166C73 code execution via improper
escaping of ; in foomatic-rip
Added tag(s) patch.
Bug #807930 [cups-filters] TEMP-000-166C73 code execution via improper
escaping of ; in foomati
Package: cups-filters
Severity: important
Tags: security upstream
There is a patch upstream for this vulnerability:
https://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419.
15 matches
Mail list logo