Bug#807930: cups-filters: code execution via improper escaping of ; in foomatic-rip

To: 807930@bugs.debian.org
Subject: Bug#807930: cups-filters: code execution via improper escaping of ; in foomatic-rip
From: Yann Soubeyrand <yann-externe.soubeyrand@edf.fr>
Date: Mon, 14 Dec 2015 18:15:59 +0100
Message-id: <[🔎] 1450113359.2546.27.camel@edf.fr>
Reply-to: Yann Soubeyrand <yann-externe.soubeyrand@edf.fr>, 807930@bugs.debian.org

Attached is the upstream patch with proper DEP-3 headers.

If you need help to prepare the packages for Jessie and Wheezy, feel
free to ask me ;-)

Cheers

Description: foomatic-rip: SECURITY FIX: Also consider the semicolon (';') as an
 illegal shell escape character.
Author: Till Kamppeter <till.kamppeter@gmail.com>
Origin: upstream, https://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
Bug-Debian: https://bugs.debian.org/807930

--- a/filter/foomatic-rip/util.c	2015-10-30 15:45:03 +0000
+++ b/filter/foomatic-rip/util.c	2015-12-12 23:27:21 +0000
@@ -31,7 +31,7 @@
 #include <assert.h>
 
 
-const char* shellescapes = "|<>&!$\'\"`#*?()[]{}";
+const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}";
 
 const char * temp_dir()
 {

Reply to:

Prev by Date: Processed: your mail
Next by Date: cups-filters 1.4.0 released!
Previous by thread: Processed (with 2 errors): your mail
Next by thread: Re: Bug#807930: cups-filters: code execution via improper escaping of ; in foomatic-rip
Index(es):
- Date
- Thread