commit a2ps for openSUSE:Factory
Hello community,
here is the log from the commit of package a2ps for openSUSE:Factory checked in at 2014-04-02 17:17:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/a2ps (Old)
and /work/SRC/openSUSE:Factory/.a2ps.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "a2ps"
Changes:
--------
--- /work/SRC/openSUSE:Factory/a2ps/a2ps.changes 2013-12-10 17:41:52.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.a2ps.new/a2ps.changes 2014-04-02 17:17:41.000000000 +0200
@@ -1,0 +2,6 @@
+Mon Mar 31 08:08:37 UTC 2014 - werner@suse.de
+
+- Add patch CVE-2014-0466.diff to fix bnc#871097 - CVE-2014-0466:
+ fixps does not use -dSAFER
+
+-------------------------------------------------------------------
New:
----
CVE-2014-0466.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ a2ps.spec ++++++
--- /var/tmp/diff_new_pack.eNus3Z/_old 2014-04-02 17:17:42.000000000 +0200
+++ /var/tmp/diff_new_pack.eNus3Z/_new 2014-04-02 17:17:42.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package a2ps
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -62,6 +62,8 @@
Patch11: a2ps-4.13-psgen.patch
Patch12: a2ps-4.13-gv-arguments.patch
Patch13: a2ps-4.13-linker.patch
+# PATCH-FIX-USTREAM Bug 871097 - CVE-2014-0466: a2ps: fixps does not use -dSAFER
+Patch14: CVE-2014-0466.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -105,6 +107,7 @@
%patch -P 11 -p 0 -b .psgen
%patch -P 12 -p 1 -b .gvarg
%patch -P 13 -p 0 -b .ldso
+%patch -P 14 -p 1 -b .cve140466
%patch
cp -f %SOURCE1 po/ko.po
rename no nb po/no.*
++++++ CVE-2014-0466.diff ++++++
Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
A malicious PostScript file could delete files with the privileges of
the invoking user.
Origin: vendor
Bug-Debian: http://bugs.debian.org/742902
Author: Salvatore Bonaccorso
participants (1)
-
root@hilbert.suse.de