[OE-core] [PATCH 2/2] foomatic-filters: Security fixes CVE-2015-8327
Armin Kuster
akuster808 at gmail.com
Mon Feb 1 17:54:22 UTC 2016
From: Armin Kuster <akuster at mvista.com>
CVE-2015-8327 cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character
Signed-off-by: Armin Kuster <akuster at mvista.com>
---
.../foomatic-filters-4.0.17/CVE-2015-8327.patch | 23 ++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8327.patch
diff --git a/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8327.patch b/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8327.patch
new file mode 100644
index 0000000..aaedc88
--- /dev/null
+++ b/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8327.patch
@@ -0,0 +1,23 @@
+Upstream-Status: Backport
+
+
+http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406
+
+Hand applied change to util.c. Fix was for cups-filters but also applied to foomatic-filters.
+
+CVE: CVE-2015-8327
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+Index: util.c
+===================================================================
+--- a/util.c
++++ b/util.c
+@@ -31,7 +31,7 @@
+ #include <assert.h>
+
+
+-const char* shellescapes = "|;<>&!$\'\"#*?()[]{}";
++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}";
+
+ const char * temp_dir()
+ {
--
2.3.5
More information about the Openembedded-core
mailing list