[Bug 1301215] Re: Sync a2ps 1:4.14-1.3 (universe) from Debian unstable (main)

[Logan Rosen]

This bug was fixed in the package a2ps - 1:4.14-1.3
Sponsored for Jackson Doak (noskcaj)

---------------
a2ps (1:4.14-1.3) unstable; urgency=high

  * Non-maintainer upload.
  * Add CVE-2014-0466.diff patch.
    CVE-2014-0466: fixps does not invoke gs with -dSAFER. A malicious
    PostScript file could delete files with the privileges of the invoking
    user.
    Thanks to brian m. carlson <sandals at crustytoothpaste.net> (Closes: #742902)

 -- Salvatore Bonaccorso <carnil at debian.org>  Sun, 30 Mar 2014 09:09:07
+0200

** Changed in: a2ps (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0466

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1301215

Title:
  Sync a2ps 1:4.14-1.3 (universe) from Debian unstable (main)

Status in “a2ps” package in Ubuntu:
  Fix Released

Bug description:
  Please sync a2ps 1:4.14-1.3 (universe) from Debian unstable (main)

  Changelog entries since current trusty version 1:4.14-1.2:

  a2ps (1:4.14-1.3) unstable; urgency=high

    * Non-maintainer upload.
    * Add CVE-2014-0466.diff patch.
      CVE-2014-0466: fixps does not invoke gs with -dSAFER. A malicious
      PostScript file could delete files with the privileges of the invoking
      user.
      Thanks to brian m. carlson <sandals at crustytoothpaste.net> (Closes: #742902)

   -- Salvatore Bonaccorso <carnil at debian.org>  Sun, 30 Mar 2014
  09:09:07 +0200

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/a2ps/+bug/1301215/+subscriptions