- fix for malicious crafted a2ps prologue files

Security: CVE-2015-8107 Security: http://www.openwall.com/lists/oss-security/2015/11/16/4 Submitted by: feld Obtained from: http://www.openwall.com/
svn path=/head/; revision=401780
2024-12-03 01:23:49 +00:00 · 2015-11-16 18:38:56 +00:00 · 2015-11-16 18:38:56 +00:00 · 0543d3e32a · 2021-03-31 03:12:20 +00:00
commit 0543d3e32a
parent 05366ca4c1
1 changed files with 13 additions and 0 deletions
--- a/print/a2ps/files/patch-output.c
+++ b/print/a2ps/files/patch-output.c
@ -0,0 +1,13 @@
+Fix for CVE-2015-8107
+http://www.openwall.com/lists/oss-security/2015/11/16/4
+--- lib/output.c.orig  2015-11-16 15:29:38 UTC
+++ lib/output.c
+@@ -525,7 +525,7 @@ output_file (struct output * out, a2ps_j
+                    expand_user_string (job, FIRST_FILE (job),
+                                        (const uchar *) "Expand: requirement",
+                                        (const uchar *) token));
+-      output (dest, expansion);
+      output (dest, "%s", expansion);
+       continue;
+       }
+