Bug#807930: marked as done (cups-filters: CVE-2015-8560: code execution via improper escaping of ; in foomatic-rip)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 15 Dec 2015 10:39:29 +0000
with message-id <E1a8n0z-0004rq-Gs@franck.debian.org>
and subject line Bug#807930: fixed in cups-filters 1.4.0-1
has caused the Debian Bug report #807930,
regarding cups-filters: CVE-2015-8560: code execution via improper escaping of ; in foomatic-rip
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
807930: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807930
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: TEMP-0000000-166C73 code execution via improper escaping of ; in foomatic-rip
• From: Yann Soubeyrand <yann-externe.soubeyrand@edf.fr>
• Date: Mon, 14 Dec 2015 15:45:31 +0100
• Message-id: <[🔎] 20151214144531.26578.99043.reportbug@dsp0688145.postes.calibre.edf.fr>

Package: cups-filters
Severity: important
Tags: security upstream

There is a patch upstream for this vulnerability:
https://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419.

--- End Message ---

--- Begin Message ---

• To: 807930-close@bugs.debian.org
• Subject: Bug#807930: fixed in cups-filters 1.4.0-1
• From: Didier Raboud <odyx@debian.org>
• Date: Tue, 15 Dec 2015 10:39:29 +0000
• Message-id: <E1a8n0z-0004rq-Gs@franck.debian.org>

Source: cups-filters
Source-Version: 1.4.0-1

We believe that the bug you reported is fixed in the latest version of
cups-filters, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 807930@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated cups-filters package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Dec 2015 11:04:23 +0100
Source: cups-filters
Binary: libcupsfilters1 libfontembed1 cups-filters cups-filters-core-drivers libcupsfilters-dev libfontembed-dev cups-browsed
Architecture: source
Version: 1.4.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Description:
 cups-browsed - OpenPrinting CUPS Filters - cups-browsed
 cups-filters - OpenPrinting CUPS Filters - Main Package
 cups-filters-core-drivers - OpenPrinting CUPS Filters - PPD-less printing
 libcupsfilters-dev - OpenPrinting CUPS Filters - Development files for the library
 libcupsfilters1 - OpenPrinting CUPS Filters - Shared library
 libfontembed-dev - OpenPrinting CUPS Filters - Development files for font embed libr
 libfontembed1 - OpenPrinting CUPS Filters - Font Embed Shared library
Closes: 807930
Changes:
 cups-filters (1.4.0-1) unstable; urgency=medium
 .
   * New upstream release
    - foomatic-rip: SECURITY FIX: Also consider the semicolon (';') as an
      illegal shell escape character. Thanks to Adam Chester for the hint
      (CVE-2015-8560, Closes: #807930)
    - Added support for Braille embossing via CUPS
 .
   [ Till Kamppeter ]
   * Changes for the upstream addition of the Braille embosser drivers
   * Moved the implicitclass backend from the cups-filters into the cups-browsed
     binary package as it is used by cups-browsed (and so already needed by a
     level-1 printing stack)
   * Added dependencies on imagemagick (>= 6.4~), liblouisutdml-bin, and
     poppler-utils to cups-filters, as they are needed to convert images, text,
     and PDF to Braille, added antiword and docx2txt to Suggests: as they allow
     converting Word files to Braille
Checksums-Sha1:
 e420d8a3e0de0a4f03295c0da632d3b0551c16df 2727 cups-filters_1.4.0-1.dsc
 05280371296d708974309a2870d516444169b2b8 1373724 cups-filters_1.4.0.orig.tar.xz
 c032b05ac03486ddff374a524b145929a682c6c2 68484 cups-filters_1.4.0-1.debian.tar.xz
Checksums-Sha256:
 59df22fcc039952296886cab5e2e492f142204dd65a186f1a7f7987741fcba75 2727 cups-filters_1.4.0-1.dsc
 0aa63f82a3feb5c46136b917722ee1565b4c1e2e533db4716f62d31e29c6579a 1373724 cups-filters_1.4.0.orig.tar.xz
 7714a20c1526198c70c9ffd99b1a4190b241a717dd2ad2028d1efc4d55d1d4f3 68484 cups-filters_1.4.0-1.debian.tar.xz
Files:
 546244f433e5128deb57775d0910247a 2727 net optional cups-filters_1.4.0-1.dsc
 9dc532a710c21ac2c063d07465b93d0b 1373724 net optional cups-filters_1.4.0.orig.tar.xz
 9a0267b9d9cfb8f4b8a327e757890396 68484 net optional cups-filters_1.4.0-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQGcBAEBCgAGBQJWb+o0AAoJEIvPpx7KFjRVbvML/0/8dIoQ88UtjZdq9wN5OLQP
0VaMkXV54BowwNQ+MaZ3hLjJfWhxX6dKAMnpin6qmbRoVaXDEOYsgogkh7ankxv4
U6XNBNPLGkPgNiR8dZFyQFxZyAMi+td3rttyonT3FsLLFqztCBO7X5KkdgI3IKhj
JQ80yJd7Jv/tOzxaPpRyewAajKgBJhLYGWIbCq43pAik/dtDWrO26Am8Ygi06WaX
D/8cWy9gqDNg/ujOh3w4R3uWL3AIIeL0lY+YA2gZlVvDEcSS6hNTqAWXxVKrZrfu
xgl9j4gsTm+Ke5zcVyoBUXXUwKivomFiDisI7EnPDImTuRdfm+4LNYiQvKA7NDXM
Sc1DftQbfWblAl4A5REFIFr+Azx8LNuC/w71GF58d+R0yoDpTF82LE0jAI+QBHR9
9gAb1RmC5oNleCkhvPZf7q69BrZTnUb0oh1VHRQQyAsek+b8YfGldJ6I/SAveJKp
UxBYHuZrkQvwfnlliI467fM7LwZqLPTGkSZArpk1kQ==
=i/go
-----END PGP SIGNATURE-----

--- End Message ---