Date: Mon, 16 Nov 2015 18:38:57 +0000 (UTC) From: Dirk Meyer <dinoex@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r401780 - head/print/a2ps/files Message-ID: <201511161838.tAGIcv4W085038@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dinoex Date: Mon Nov 16 18:38:56 2015 New Revision: 401780 URL: https://svnweb.freebsd.org/changeset/ports/401780 Log: - fix for malicious crafted a2ps prologue files Security: CVE-2015-8107 Security: http://www.openwall.com/lists/oss-security/2015/11/16/4 Submitted by: feld Obtained from: http://www.openwall.com/ Added: head/print/a2ps/files/patch-output.c (contents, props changed) Added: head/print/a2ps/files/patch-output.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/print/a2ps/files/patch-output.c Mon Nov 16 18:38:56 2015 (r401780) @@ -0,0 +1,13 @@ +Fix for CVE-2015-8107 +http://www.openwall.com/lists/oss-security/2015/11/16/4 +--- lib/output.c.orig 2015-11-16 15:29:38 UTC ++++ lib/output.c +@@ -525,7 +525,7 @@ output_file (struct output * out, a2ps_j + expand_user_string (job, FIRST_FILE (job), + (const uchar *) "Expand: requirement", + (const uchar *) token)); +- output (dest, expansion); ++ output (dest, "%s", expansion); + continue; + } +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201511161838.tAGIcv4W085038>