Bug#807930: marked as done (cups-filters: CVE-2015-8560: code execution via improper escaping of ; in foomatic-rip)

To: Didier Raboud <odyx@debian.org>
Subject: Bug#807930: marked as done (cups-filters: CVE-2015-8560: code execution via improper escaping of ; in foomatic-rip)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 20 Dec 2015 17:21:04 +0000
Message-id: <[🔎] handler.807930.D807930.145063184918507.ackdone@bugs.debian.org>
References: <E1aAhbs-0000kd-PQ@franck.debian.org> <[🔎] 20151214144531.26578.99043.reportbug@dsp0688145.postes.calibre.edf.fr>

Your message dated Sun, 20 Dec 2015 17:17:28 +0000
with message-id <E1aAhbs-0000kd-PQ@franck.debian.org>
and subject line Bug#807930: fixed in cups-filters 1.0.61-5+deb8u3
has caused the Debian Bug report #807930,
regarding cups-filters: CVE-2015-8560: code execution via improper escaping of ; in foomatic-rip
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
807930: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807930
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: TEMP-0000000-166C73 code execution via improper escaping of ; in foomatic-rip

From: Yann Soubeyrand <yann-externe.soubeyrand@edf.fr>

Date: Mon, 14 Dec 2015 15:45:31 +0100

Message-id: <[🔎] 20151214144531.26578.99043.reportbug@dsp0688145.postes.calibre.edf.fr>
Package: cups-filters
Severity: important
Tags: security upstream

There is a patch upstream for this vulnerability:
https://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419.
--- End Message ---

--- Begin Message ---

To: 807930-close@bugs.debian.org
Subject: Bug#807930: fixed in cups-filters 1.0.61-5+deb8u3
From: Didier Raboud <odyx@debian.org>
Date: Sun, 20 Dec 2015 17:17:28 +0000
Message-id: <E1aAhbs-0000kd-PQ@franck.debian.org>

Source: cups-filters
Source-Version: 1.0.61-5+deb8u3

We believe that the bug you reported is fixed in the latest version of
cups-filters, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 807930@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated cups-filters package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Dec 2015 13:23:43 +0100
Source: cups-filters
Binary: libcupsfilters1 libfontembed1 cups-filters cups-filters-core-drivers libcupsfilters-dev libfontembed-dev cups-browsed
Architecture: source amd64
Version: 1.0.61-5+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Description:
 cups-browsed - OpenPrinting CUPS Filters - cups-browsed
 cups-filters - OpenPrinting CUPS Filters - Main Package
 cups-filters-core-drivers - OpenPrinting CUPS Filters - PPD-less printing
 libcupsfilters-dev - OpenPrinting CUPS Filters - Development files for the library
 libcupsfilters1 - OpenPrinting CUPS Filters - Shared library
 libfontembed-dev - OpenPrinting CUPS Filters - Development files for font embed libr
 libfontembed1 - OpenPrinting CUPS Filters - Font Embed Shared library
Closes: 807930
Changes:
 cups-filters (1.0.61-5+deb8u3) jessie-security; urgency=high
 .
   * Backport upstream fixes to also consider the semicolon (';') as an illegal
     shell escape character (CVE-2015-8560, Closes: #807930)
Checksums-Sha1:
 f47255dea67f3c0dc9d2abf37f75fc945cff1206 2718 cups-filters_1.0.61-5+deb8u3.dsc
 f98f70ecf69dab54a139c7ed2cf726c9e66a2686 68160 cups-filters_1.0.61-5+deb8u3.debian.tar.xz
 f3471fed40b36db43c857b4ba179683e5357238d 106378 libcupsfilters1_1.0.61-5+deb8u3_amd64.deb
 e598081e3e7d8a7e2c451dd89ac3ac424db2da69 73448 libfontembed1_1.0.61-5+deb8u3_amd64.deb
 ca86d30e353378b6796bdbcd2b000647af942d07 506982 cups-filters_1.0.61-5+deb8u3_amd64.deb
 25376b3891d6d3866b5a34a47b24adb14726fad3 141360 cups-filters-core-drivers_1.0.61-5+deb8u3_amd64.deb
 f2e83904069a45f4d674a556794c9196d688cf37 113194 libcupsfilters-dev_1.0.61-5+deb8u3_amd64.deb
 80c0c47111aea99ace753c6953fedd6ff1047c22 76314 libfontembed-dev_1.0.61-5+deb8u3_amd64.deb
 e876642f6ce3a873b43a930dbc5129365be24744 79218 cups-browsed_1.0.61-5+deb8u3_amd64.deb
Checksums-Sha256:
 845c0e2e5b0a995ffeaf3711a46e4499f6e809915b442189b041184a262e61df 2718 cups-filters_1.0.61-5+deb8u3.dsc
 d8f9e0dbaa0621acd7798446c7000a7134e47133789e3b85434f2b528826518d 68160 cups-filters_1.0.61-5+deb8u3.debian.tar.xz
 c88e651a43778c185e444954ac3dd36ab94e5c3cd4827931f94b241d2c1ebca3 106378 libcupsfilters1_1.0.61-5+deb8u3_amd64.deb
 dacc1d9755f3d074fba3aa98dec4135ac0f28043d1407c62db2af6aae45dfa2c 73448 libfontembed1_1.0.61-5+deb8u3_amd64.deb
 5863b75b1140f2968eb06c35d581dab1a6b439d46d476d98b809e9e1f5a7cafe 506982 cups-filters_1.0.61-5+deb8u3_amd64.deb
 a89e2b62961d63d160b8d686c8e0c95414d6a96d9c3228bd384e038075fc1c2f 141360 cups-filters-core-drivers_1.0.61-5+deb8u3_amd64.deb
 46b0df541ed8cc5721510298964a7189edb895a5b93c9e1e4e3e71bd74648b39 113194 libcupsfilters-dev_1.0.61-5+deb8u3_amd64.deb
 2514958151e80cd28df9c94e42d8fd671aaa4a23a6e84477f7247f0729ae87aa 76314 libfontembed-dev_1.0.61-5+deb8u3_amd64.deb
 34f36057094ba4ea2a4b66ce94c2c39bb299d4ad0c3405dfc5ce51e7a5448742 79218 cups-browsed_1.0.61-5+deb8u3_amd64.deb
Files:
 42b6034696c05f2d5efe6291392ed9f7 2718 net optional cups-filters_1.0.61-5+deb8u3.dsc
 0c50528e578ac96a0561625e81d041c1 68160 net optional cups-filters_1.0.61-5+deb8u3.debian.tar.xz
 9479c18707e377ce7f7045b024decd4f 106378 libs optional libcupsfilters1_1.0.61-5+deb8u3_amd64.deb
 fd121e74edb90c7dfad04631b1bf4eca 73448 libs optional libfontembed1_1.0.61-5+deb8u3_amd64.deb
 91322c8661b1d603fc8f12e6acca85e4 506982 net optional cups-filters_1.0.61-5+deb8u3_amd64.deb
 1edb1eb3ae1f784b0db2b52d2fc4000d 141360 net optional cups-filters-core-drivers_1.0.61-5+deb8u3_amd64.deb
 bd2c264ca16dc87ca9260d2cc4905c63 113194 libdevel optional libcupsfilters-dev_1.0.61-5+deb8u3_amd64.deb
 de08662977d135026ac85396210dbd65 76314 libdevel optional libfontembed-dev_1.0.61-5+deb8u3_amd64.deb
 a48f10190babf52451b525d9c2a4b180 79218 net optional cups-browsed_1.0.61-5+deb8u3_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQGcBAEBCgAGBQJWcBFSAAoJEIvPpx7KFjRV/MoL/0hV5aysch2gmDfQpLdu7Mvt
WJYtxLWQMpSphnA3U/Qq3wUsuFRj+/MvJ5vM4mItDlmL61LJU3gWmD/fSbUXGHut
qyHizyOiRJqx/WbcEhaGgeB41Hu4SL6orGxO+oo9rFUdaiTdCr2bNszaCo0oHxxq
ab5X+Sonx4qAvW6oM4XaGhKPGF6zpiMxDuWOkP3AHErn4UqP5kfG8VLvHY68ABhP
rRrCTNJqY9NIqKXUJ/Wcrg2jIKsTV7iwGsX7OJK/AKbdRIALymvHdz+iW01TCGun
5DkWhLKciBhtgatKS7bZVbO31maLwhfJnMm7A1u5K+tVq8VteEMvPZP8CpFeQf2W
v+9ZWxfZ0MpL6xLA5VZpQPDp0+nAFZBb3I8LUrMpNEz5NOSpqm2rgBdlxdnqVeB9
63auip2NN13b0EDuqydLGzYUdcTUru8IfEhZVuhnME1Q3E7ct4K1OF0smgNkhoYr
GNXoQbCS8MEuS51P5rSrK+JKwUJS5qxlGhcVZJ/X8A==
=XurY
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#807930: TEMP-0000000-166C73 code execution via improper escaping of ; in foomatic-rip
  - From: Yann Soubeyrand <yann-externe.soubeyrand@edf.fr>

Prev by Date: cups-filters 1.5.0 released!
Next by Date: cups-filters_1.0.61-5+deb8u3_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Previous by thread: Bug#807930: marked as done (cups-filters: CVE-2015-8560: code execution via improper escaping of ; in foomatic-rip)
Next by thread: Processed: your mail
Index(es):
- Date
- Thread