Your message dated Wed, 09 Dec 2015 09:51:47 +0000 with message-id <[email protected]> and subject line Bug#806886: fixed in foomatic-filters 4.0.5-6+squeeze2+deb6u11 has caused the Debian Bug report #806886, regarding CVE-2015-8327 Insufficient script injection prevention to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 806886: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: foomatic-filters Version: 4.0-20090301-1 Severity: important Tags: security upstream Hi, cups-filters 1.2.0 was released last Tuesday with a security fix for CVE-2015-8327 in foomatic-rip/util.c: > foomatic-rip: SECURITY FIX: Also consider the back tick > ('`') as an illegal shell escape character. Thanks to Michal > Kowalczyk from the Google Security Team for the hint (CVE-2015-8327). cups-filters 1.2.0 is fixed and a security upload for its version in stable has already been uploaded, but foomatic-filters is also affected in all suites, as the culprit code exists since 4.0-20090301. The patch is straightforward, and is attached to this bugreport. Cheers, OdyXDescription: foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as an illegal shell escape character. Thanks to Michal Kowalczyk from the Google Security Team for the hint. Author: Till Kamppeter <[email protected]> Bug-CVE: CVE-2015-8327 Origin: upstream Last-Update: 2015-11-26 --- a/util.c +++ b/util.c @@ -31,7 +31,7 @@ #include <assert.h> -const char* shellescapes = "|<>&!$\'\"#*?()[]{}"; +const char* shellescapes = "|<>&!$\'\"`#*?()[]{}"; const char * temp_dir() {
--- End Message ---
--- Begin Message ---Source: foomatic-filters Source-Version: 4.0.5-6+squeeze2+deb6u11 We believe that the bug you reported is fixed in the latest version of foomatic-filters, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <[email protected]> (supplier of updated foomatic-filters package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 09 Dec 2015 10:21:20 +0200 Source: foomatic-filters Binary: foomatic-filters Architecture: source amd64 Version: 4.0.5-6+squeeze2+deb6u11 Distribution: squeeze-lts Urgency: high Maintainer: Debian Printing Group <[email protected]> Changed-By: Chris Lamb <[email protected]> Description: foomatic-filters - OpenPrinting printer support - filters Closes: 806886 Changes: foomatic-filters (4.0.5-6+squeeze2+deb6u11) squeeze-lts; urgency=high . * CVE-2015-8327: Fix insufficient script injection prevention (Closes: #806886) Checksums-Sha1: 35f9bdcb84fae93fad5a939e4ec4c3e13d5ed9bc 2055 foomatic-filters_4.0.5-6+squeeze2+deb6u11.dsc 1345880f3b89242b0ac7fae1e3750bf2154130f4 243239 foomatic-filters_4.0.5.orig.tar.gz 2c8596426a4f95c140afe3426c36453a76552661 53071 foomatic-filters_4.0.5-6+squeeze2+deb6u11.debian.tar.gz a8951bc5db708b935be8b88a6e0bc41a0f26d93d 151072 foomatic-filters_4.0.5-6+squeeze2+deb6u11_amd64.deb Checksums-Sha256: 42bf968f6c59caed8ce10824b398ce9ed6c28b280737cadf3dab1c0cbf4bb55a 2055 foomatic-filters_4.0.5-6+squeeze2+deb6u11.dsc dafa39cd5a9de94db59aacd05f0ccbc4eba362d1633419f3dc3c7126c83c1036 243239 foomatic-filters_4.0.5.orig.tar.gz 1d417101e7b3215ad3b56f629e9d91a7eee4bd74bc07e1edb0944ab274b929ba 53071 foomatic-filters_4.0.5-6+squeeze2+deb6u11.debian.tar.gz 75807917d884143c78fe0b1b3b3dc77e0f2568911a3f158bccda2b8e77299ba0 151072 foomatic-filters_4.0.5-6+squeeze2+deb6u11_amd64.deb Files: 0645dc9fb1b72cf77da074314e5e4f43 2055 text optional foomatic-filters_4.0.5-6+squeeze2+deb6u11.dsc fd99dac3a36807a47ffa4f9eb15c1b07 243239 text optional foomatic-filters_4.0.5.orig.tar.gz 87e23c57105a7df6c079d18c4d48bab6 53071 text optional foomatic-filters_4.0.5-6+squeeze2+deb6u11.debian.tar.gz 7602759182b8ebfb15a98f2110767f60 151072 text optional foomatic-filters_4.0.5-6+squeeze2+deb6u11_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWZ+VSAAoJEB6VPifUMR5Yq6YP/iYg295takkPAC4dV3fyKiGf R3XszfDWTHALYiMhaSvKca4hBqzELVoHLGBBTUO41Kb8GckJcI1kZqAoCvo/uwVu 7dqRyf1OJ6fKYCPfiD+tl0xi7770qW7VndJRT/h92ItYHPTXcDWW0bFcMi0LcKqJ v4XAOGDp5JEZI4+dlyJC5Rf51p/HWjMWXM6mD/4Hvq5TaELbOjlFk09ubz3GdbTi M/aTjHIGl4UCL5KXuwzre8hKDyYoHiRSRZYVTfKRUmJ3oqJVQSQ1uz1yyMGdk4so 2qR57x3QT4hBsTNaNvnJlfQdNnRcpMZA3qKERvB8YX5ZV5ZdeRnkB4+qkmBJmCHl PI3Kdg0sMK1CpIaOnNiDOJLGx+ql/IQT/S07cAdmQKmW90ftFBttxomBH17w+wm7 65zbQ5vCExun6i6OeqrB8AcXNmHN+k3U22yatI3WpxwUNZkte2UiI0CKN6u+S+Ph e+yX7KgjX9UuenanWmkt3OC6rX4ppppPvIOFMNgEVHiOOXhbh1gV2q3z+domwXyu Xg623LBsrV2SJ9CLNxD0i3xmtMsrs9B428mb3x6R90lfehX+/TPB9m1X/IddH6PP TMlVrjc5nqWMi2PdPM8kFhIbf7mZ9FghhJFAhIn5QfuODqRLAVVn4YTgCVGbZ+AS 55UMgJHxOk5xeqU6Dz41 =+8s9 -----END PGP SIGNATURE-----
--- End Message ---

