Summary: | <net-print/cups-filters-{1.0.71,1.4.0,1.5.0}: foomatic-rip - consider the back tick as an illegal shell escape character (CVE-2015-{8327,8560}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Manuel Rüger (RETIRED) <mrueg> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | printing |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.debian.org/debian-printing/2015/11/msg00020.html | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Manuel Rüger (RETIRED)
2015-12-01 21:05:26 UTC
https://www.openprinting.org/download/cups-filters/

Hi,

I have released cups-filters 1.2.0 now, with the following changes:

- cups-browsed: When using IP-address-based device URIs via the "IPBasedDeviceURIs" directive in cups-browsed.conf, add two additional settings to restrict the used IP addresses to either only IPv4 addresses or only IPv6 addresses.
- foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as an illegal shell escape character. Thanks to Michal Kowalczyk from the Google Security Team for the hint (CVE-2015-8327).

I would appreciate if you could upload it to Debian soon so that it syncs into Ubuntu, as it is needed for further development work on Ubuntu.

CHANGES IN V1.4.0

- foomatic-rip: SECURITY FIX: Also consider the semicolon (';') as an illegal shell escape character. Thanks to Adam Chester (adam dot chester at pentest dot co dot uk) for the hint (CVE-2015-8560).
- brftoembosser, imagetobrf, imagetoubrl, imageubrltoindexv3, imageubrltoindexv4, textbrftoindexv3, textbrftoindexv4, texttobrf, braille.convs, braille.types, generic-brf.drv, indexv3.drv, indexv4.drv: Added support for Braille embossing via CUPS. Text and even images can now be sent to a Braille embosser like to a printer. Thanks to Samuel Thibault (samuel dot thibault at ens-lyon dot org) for this contribution.

Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
Arches please stabilize =net-print/cups-filters-1.5.0

```
Keywords for net-print/cups-filters:
         |                                 | u   |
         | a a   a         n   p r     s   | n   |
         | l m   r h i m m i   p i s   p   | u s | r
         | p d a m p a 6 i o p c s 3   a x | s l | e
         | h 6 r 6 p 6 8 p s p 6 c 9 s r 8 | e o | p
         | a 4 m 4 a 4 k s 2 c 4 v 0 h c 6 | d t | o
---------+---------------------------------+-----+-------
  1.0.71 | + + + o + + o ~ o + + o ~ o + + | o 0 | gentoo
   1.4.0 | ~ ~ ~ ~ ~ ~ o ~ o ~ ~ o ~ o ~ ~ | #   | gentoo
[I]1.5.0 | ~ ~ ~ ~ ~ ~ o ~ o ~ ~ o ~ o ~ ~ | o   | gentoo
    9999 | o o o o o o o o o o o o o o o o | o   | gentoo
```

amd64 stable

arm stable

Stable on alpha.

ppc stable

Stable for HPPA PPC64.

x86 done.

Ping on ia64 and sparc stabilization, for this vulnerability.

sparc stable

ia64 stable. Maintainer(s), please cleanup. Security, please vote.

dropped now

Arches and Maintainer(s), Thank you for your work. GLSA Vote: No

Closing as [noglsa].