Your message dated Sun, 27 Dec 2015 17:32:06 +0000
with message-id <[email protected]>
and subject line Bug#807993: fixed in foomatic-filters 4.0.17-5+deb8u1
has caused the Debian Bug report #807993,
regarding foomatic-filters: CVE-2015-8560: code execution via improper escaping
of ; in foomatic-rip
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
807993: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807993
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: foomatic-filters
Version: 4.0.5-6
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for foomatic-filters, this
is in addition to CVE-2015-8327.
CVE-2015-8560[0]:
code execution via improper escaping of ; in foomatic-rip
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8560
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: foomatic-filters
Source-Version: 4.0.17-5+deb8u1
We believe that the bug you reported is fixed in the latest version of
foomatic-filters, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated foomatic-filters
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 20 Dec 2015 22:09:42 +0100
Source: foomatic-filters
Binary: foomatic-filters
Architecture: source
Version: 4.0.17-5+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Jörg Frings-Fürst <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 806886 807993
Description:
foomatic-filters - OpenPrinting printer support - filters
Changes:
foomatic-filters (4.0.17-5+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add CVE-2015-8327.patch patch.
CVE-2015-8327: foomatic-rip did not consider the back tick as an illegal
shell escape character allowing arbitrary code execution. (Closes: #806886)
* Add CVE-2015-8560.patch patch.
CVE-2015-8560: code execution via improper escaping of ; (semicolon).
(Closes: #807993)
Checksums-Sha1:
f4bfee1cb2ec6a5af89e612d50c0de75894186dd 2015
foomatic-filters_4.0.17-5+deb8u1.dsc
7f740968ca73595738d257bbfed93a8ac1b2c460 49588
foomatic-filters_4.0.17-5+deb8u1.debian.tar.xz
Checksums-Sha256:
3b0548da61c34a4173e4c4d4916bc64fb04de5a18a5aeebd105fd30ab2b497f3 2015
foomatic-filters_4.0.17-5+deb8u1.dsc
e98b33fe2a2d759a44f1051bcdb67ec5256e0452cade716bad3c12ea1e4614cc 49588
foomatic-filters_4.0.17-5+deb8u1.debian.tar.xz
Files:
a236e9eabe75ffd5d1b6d82bc390aaed 2015 text optional
foomatic-filters_4.0.17-5+deb8u1.dsc
7025675b2e16a75f2d580f9b76917e8f 49588 text optional
foomatic-filters_4.0.17-5+deb8u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWdxnkAAoJEAVMuPMTQ89EkGQP/ja+oD/lYa7nIuCcJN2/cS+L
6vaU2mr3RePjNdzx45Nt6zYv+U3PvGLgp/Hd+IiGxOmhIZczgiHuJWCBuS27QQdx
LDt1NUQZ/VLHPMADc69KQIkOdx9YWaSpoov+6L5YWD7SrmQAMM/N2Df1yDJD87Cn
FoPnB5kfl8rfOzliVXw69ZAhBV3NztGkmNdK4FWLr08hdBcMhV0EI651y5r5qKDx
8bFtysykSV+k1ylmQDuR0YQBRWQDVS0hSfmp1RT1BWiZzRX65EFFqSR4py0rlVF3
0nyrYQO1W79YB+J3/ZwheZrInQlDioD2NuxOixLsMq+/xHYVAGy8n00qU84ZRyz8
GCT7uweowUY6QdnFvdMQO5QyimisC+ZgeMK1cU5ARX/lT5RAaqDSfkIWSgQbdDtr
p0aK1hkzcQFa8U5A7kAFVLD40ubMVJAmu6SZyk2ZIecfilx3c29Y3pAkRb3ME+Nj
a9UlJ2u8AcNS4byhbeIp6OrRJhxgX7gGFT75lr1+bB18EnftkgdQ+shvpO0stTb/
BGP1UzzM4Ml+VUJARYk5iM0YrFtZycOYWy71A2dqOxp3pGzv+ILQkpNypVcW4w+A
3G9z8kASGAK85dO3MW6kJhhteqQbbpeJ0eo+xOmf8DupzQZa2ao8GasS5I9mapku
ZXnr8LHe0KgbdnsHhFN+
=OTLn
-----END PGP SIGNATURE-----
--- End Message ---
