aboutsummaryrefslogtreecommitdiffstats
path: root/main/a2ps/CVE-2014-0466.patch
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2014-04-18 08:20:52 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-04-18 08:21:32 +0000
commit9544460de3b7282c473654a2a67586c6645a05c1 (patch)
treeb7affc06c18f993842a0bb7741da2b36e609ead4 /main/a2ps/CVE-2014-0466.patch
parentf31cfb7cf7a3cc4f5167eff89e859a71b6c735ea (diff)
downloadaports-9544460de3b7282c473654a2a67586c6645a05c1.tar.bz2
aports-9544460de3b7282c473654a2a67586c6645a05c1.tar.xz
main/a2ps: security fix for CVE-2001-1593 and CVE-2014-0466
ref #2821
Diffstat (limited to 'main/a2ps/CVE-2014-0466.patch')
-rw-r--r--main/a2ps/CVE-2014-0466.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/main/a2ps/CVE-2014-0466.patch b/main/a2ps/CVE-2014-0466.patch
new file mode 100644
index 0000000000..85199e35b0
--- /dev/null
+++ b/main/a2ps/CVE-2014-0466.patch
@@ -0,0 +1,30 @@
+Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
+ A malicious PostScript file could delete files with the privileges of
+ the invoking user.
+Origin: vendor
+Bug-Debian: http://bugs.debian.org/742902
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2014-03-28
+
+--- a/contrib/fixps.in
++++ b/contrib/fixps.in
+@@ -389,7 +389,7 @@
+ eval "$command" ;;
+ gs)
+ $verbose "$program: making a full rewrite of the file ($gs)." >&2
+- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ esac
+ )
+ fi
+--- a/contrib/fixps.m4
++++ b/contrib/fixps.m4
+@@ -307,7 +307,7 @@
+ eval "$command" ;;
+ gs)
+ $verbose "$program: making a full rewrite of the file ($gs)." >&2
+- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ esac
+ )
+ fi