Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character

To: cve-assign@mitre.org, carnil@debian.org
Cc: oss-security@lists.openwall.com, adam.chester@pentest.co.uk, Debian Printing Team <Debian-printing@lists.debian.org>
Subject: Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character
From: Till Kamppeter <till.kamppeter@gmail.com>
Date: Mon, 14 Dec 2015 21:58:13 -0200
Message-id: <[🔎] 566F5795.40201@gmail.com>
In-reply-to: <20151214213230.52EC66C0180@smtpvmsrv1.mitre.org>
References: <20151214213230.52EC66C0180@smtpvmsrv1.mitre.org>

On 12/14/2015 07:32 PM, cve-assign@mitre.org wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

There was another commit in cups-filters upstream (revision 7419) as
well adding (;) to the set of illegal shell escape characters:

http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419


Use CVE-2015-8560.

Thank you very much. I have released cups-filters 1.4.0 upstream nowwith reference to this CVE in the NEWS file.


   Till

Reply to:

Prev by Date: Bug#807930: TEMP-0000000-166C73 code execution via improper escaping of ; in foomatic-rip
Next by Date: Re: cups-filters 1.4.0 released!
Previous by thread: Re: cups-filters 1.4.0 released!
Next by thread: Processed: retitle 807930 to cups-filters: CVE-2015-8560: code execution via improper escaping of ; in foomatic-rip
Index(es):
- Date
- Thread