This bug was fixed in the package a2ps - 1:4.14-1.3
Sponsored for Jackson Doak (noskcaj)
---------------
a2ps (1:4.14-1.3) unstable; urgency=high
* Non-maintainer upload.
* Add CVE-2014-0466.diff patch.
CVE-2014-0466: fixps does not invoke gs with -dSAFER. A malicious
PostScript file could delete files with the privileges of the invoking
user.
Thanks to brian m. carlson <[email protected]> (Closes: #742902)
-- Salvatore Bonaccorso <[email protected]> Sun, 30 Mar 2014 09:09:07
+0200
** Changed in: a2ps (Ubuntu)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0466
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1301215
Title:
Sync a2ps 1:4.14-1.3 (universe) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/a2ps/+bug/1301215/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
