[Pkg-hpijs-devel] Bug#635549: foomatic-filters 3.0.2-20080211-3.2+lenny1 oldstable-security upload for CVE-2011-2697
Didier Raboud
didier at raboud.com
Wed Jan 4 12:49:50 UTC 2012
Hi again Moritz,
(CC'ing #635549 as it was mentionned there and team at s.d.o as per [0])
On Wed, 04 Jan 2012 13:04:22 +0100, Didier Raboud wrote:
> (By the way, given that there is _no_ C version of foomatic-rip in
> lenny's foomatic-filters, I think that lenny is not affected by
> CVE-2011-2964; it is by CVE-2011-2697 though, I'll see what I can do
> on that side.)
So now I have been preparing an oldstable-security upload for
foomatic-filters, reportedly vulnerable to CVE-2011-2697 in its version
currently in oldstable. Same as before: it was mostly a matter of
cherry-picking the changes already prepared by the Ubuntu folks [1].
debdiff is attached, proposed changelog entry is below, please comment.
foomatic-filters (3.0.2-20080211-3.2+lenny1) oldstable-security;
urgency=high
* Fix CVE-2011-2697
"foomatic-rip in foomatic-filters allows remote attackers to execute
arbitrary code via a crafted *FoomaticRIPCommandLine field in a
ppd
file."
- Patch foomatic-rip.in using debian/patches/CVE-2011-2697.patch
from
Ubuntu hardy's 3.0.2-20071204-0ubuntu2.3, itself backported from
upstream (revision 140).
Cheers,
OdyX
[0] http://www.debian.org/security/faq#contact
[1]
https://launchpad.net/ubuntu/+source/foomatic-filters/3.0.2-20071204-0ubuntu2.3
and
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/hardy/foomatic-filters/hardy-security/view/head:/debian/patches/CVE-2011-2697.patch
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: foomatic-filters_3.0.2-20080211-3.2+lenny1.debdiff
URL: <http://lists.alioth.debian.org/pipermail/pkg-hpijs-devel/attachments/20120104/5743fdd2/attachment.ksh>
More information about the Pkg-hpijs-devel
mailing list