oss-sec mailing list archives

CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character

From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 13 Dec 2015 09:02:26 +0100

Hi

CVE-2015-8327 was assigned to cups-filters/foomatic-rip since it does
not consider the back ticks as an illegal shell escape character
and allowing code execution.

There was another commit in cups-filters upstream (revision 7419) as
well adding (;) to the set of illegal shell escape characters:

http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419

an was found by Adam Chester.

Could you assign a CVE for this issue as well?

Regards,
Salvatore

Current thread:

CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character Salvatore Bonaccorso (Dec 13)
- Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character cve-assign (Dec 14)
  - Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character Till Kamppeter (Dec 14)