oss-security - Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <566F5795.40201@gmail.com>
Date: Mon, 14 Dec 2015 21:58:13 -0200
From: Till Kamppeter <till.kamppeter@...il.com>
To: cve-assign@...re.org, carnil@...ian.org
Cc: oss-security@...ts.openwall.com, adam.chester@...test.co.uk,
 Debian Printing Team <Debian-printing@...ts.debian.org>
Subject: Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider
 semicolon as an illegal shell escape character

On 12/14/2015 07:32 PM, cve-assign@...re.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
>> There was another commit in cups-filters upstream (revision 7419) as
>> well adding (;) to the set of illegal shell escape characters:
>>
>> http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
>
> Use CVE-2015-8560.

Thank you very much. I have released cups-filters 1.4.0 upstream now 
with reference to this CVE in the NEWS file.

    Till

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.