--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-152870 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152870 2005-11-14 --------------------------------------------------------------------- Name : a2ps Versions : rh73: a2ps-4.13b-19.2.legacy Versions : rh9: a2ps-4.13b-28.2.legacy Versions : fc1: a2ps-4.13b-30.2.legacy Summary : Converts text and other types of files to PostScript(TM). Description : The a2ps filter converts text and other types of files to PostScript format. A2ps has pretty-printing capabilities and includes support for a wide number of programming languages, encodings (ISO Latins, Cyrillic, etc.), and media. --------------------------------------------------------------------- Update Information: An updated a2ps package that fixes a security bug is now available. The a2ps filter converts text and other types of files to PostScript format. A problem was discovered in the way a2ps handles filenames that include shell metacharacters. An attacker could use this flaw to execute arbitrary commands by providing a filename that includes metacharacters as an argument. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1170 to this issue. All users of a2ps should upgrade to this updated package, which includes a patch to correct this issue. --------------------------------------------------------------------- Changelogs rh73: * Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.13b-19.2.legacy - Added a bunch of missing packages to BuildRequires * Tue Dec 21 2004 Pekka Savola <pekkas@xxxxxxxxxx 4.13b-19.1.legacy - Fix CAN-2004-1170 (#2338) w/ patch from Debian. rh9: * Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.13b-28.2.legacy - Added a bunch of missing packages to BuildRequires * Tue Dec 21 2004 Pekka Savola <pekkas@xxxxxxxxxx 4.13b-28.1.legacy - Fix CAN-2004-1170 (#2338) w/ patch from Debian. fc1: * Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.13b-30.2.legacy - Added a bunch of missing packages to BuildRequires * Tue Dec 21 2004 Pekka Savola <pekkas@xxxxxxxxxx 4.13b-30.1.legacy - Fix CAN-2004-1170 (#2338) w/ patch from Debian. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: b0ebb139fd78a887831f8528458d969c42841283 redhat/7.3/updates-testing/i386/a2ps-4.13b-19.2.legacy.i386.rpm fb55530b7f25e02080fcd8c5126f9f5f042a5d43 redhat/7.3/updates-testing/SRPMS/a2ps-4.13b-19.2.legacy.src.rpm rh9: 828dc69302ec1530ada589842da023e3eb796ab5 redhat/9/updates-testing/i386/a2ps-4.13b-28.2.legacy.i386.rpm 8b3ef7ab2dca9d436fb34b2d11935921842c2779 redhat/9/updates-testing/SRPMS/a2ps-4.13b-28.2.legacy.src.rpm fc1: 87a14c8ceafcc6e633430ed3715a9d63c3c9e837 fedora/1/updates-testing/i386/a2ps-4.13b-30.2.legacy.i386.rpm 9426b2180ef3750090b05616daa776f88bbfb3fa fedora/1/updates-testing/SRPMS/a2ps-4.13b-30.2.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
