Summary: | net-print/foomatic-filters: Removal (was: Does not consider semicolon as an illegal shell escape character (CVE-2015-8327)) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | printing |
Priority: | Normal | Keywords: | PMASKED |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2015/12/13/2 | ||
Whiteboard: | B3 [upstream/cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-12-21 11:31:10 UTC
Maintainers can we please have an update of where this bug is? There has not been an official release since 02-Jul-2012 07:50 Yet releases are coming through the nightly builds. The latest packages are always the packages marked with "current" in their file names in the download area. They are a daily snapshot of Foomatic's Bazaar repositories, taken every night at 12:20am Oregon time. There are daily snapshots of the stable "4.0" branches and the "devel" branches, the head of the development. The Fix has been in there already: http://lists.openembedded.org/pipermail/openembedded-core/2016-February/116590.html Printing project can you please provide an update or plans about securing the package? (In reply to Yury German from comment #3) > Printing project can you please provide an update or plans about securing > the package? We will mask this package for removal, as it's deprecated and cups-filters[foomatic] should be a sufficient replacement for it. The only package that currently depends on it is net-print/lprng, all others depend on || ( foomatic-filters cups-filters[foomatic] ). commit 3ed439d471144c49cbb31d72f8b53f423db172a4 Author: Manuel Rüger <mrueg@gentoo.org> Date: Sat Nov 5 14:25:35 2016 +0100 profiles: Mask net-print/foomatic-filters for removal Thank you very much. (In reply to Manuel Rüger from comment #4) > (In reply to Yury German from comment #3) > > Printing project can you please provide an update or plans about securing > > the package? > > We will mask this package for removal, as it's deprecated and > cups-filters[foomatic] should be a sufficient replacement for it. > > The only package that currently depends on it is net-print/lprng, all others > depend on || ( foomatic-filters cups-filters[foomatic] ). That wrong on my system: # equery d net-print/foomatic-filters * These packages depend on net-print/foomatic-filters: net-print/hplip-3.16.10 (hpijs ? >=net-print/foomatic-filters-3.0.20080507[cups]) commit 26316fb66c942f4e13eae2f01baff6ed5f3653c9 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: Mon Dec 19 19:33:28 2016 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: Mon Dec 19 19:39:29 2016 net-print/foomatic-filters: Remove last-rited pkg, #568980 |