[Secure-testing-team] Bug#806886: CVE-2015-8327 Insufficient script injection prevention
Didier 'OdyX' Raboud
odyx at debian.org
Wed Dec 2 13:43:45 UTC 2015
Package: foomatic-filters
Version: 4.0-20090301-1
Severity: important
Tags: security upstream
Hi,
cups-filters 1.2.0 was released last Tuesday with a security fix for
CVE-2015-8327 in foomatic-rip/util.c:
> foomatic-rip: SECURITY FIX: Also consider the back tick
> ('`') as an illegal shell escape character. Thanks to Michal
> Kowalczyk from the Google Security Team for the hint (CVE-2015-8327).
cups-filters 1.2.0 is fixed and a security upload for its version in stable has
already been uploaded, but foomatic-filters is also affected in all suites, as
the culprit code exists since 4.0-20090301.
The patch is straightforward, and is attached to this bugreport.
Cheers,
OdyX
-------------- next part --------------
A non-text attachment was scrubbed...
Name: r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch
Type: text/x-diff
Size: 503 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20151202/29766f24/attachment.patch>
More information about the Secure-testing-team
mailing list