Fedora Legacy Test Update Notification: a2ps

Marc Deslauriers marcdeslauriers at videotron.ca
Tue Nov 15 05:03:53 UTC 2005 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-152870
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152870
2005-11-14
---------------------------------------------------------------------

Name        : a2ps
Versions    : rh73: a2ps-4.13b-19.2.legacy
Versions    : rh9: a2ps-4.13b-28.2.legacy
Versions    : fc1: a2ps-4.13b-30.2.legacy
Summary     : Converts text and other types of files to PostScript(TM).
Description :
The a2ps filter converts text and other types of files to PostScript
format. A2ps has pretty-printing capabilities and includes support for a
wide number of programming languages, encodings (ISO Latins, Cyrillic,
etc.), and media.

---------------------------------------------------------------------
Update Information:

An updated a2ps package that fixes a security bug is now available.

The a2ps filter converts text and other types of files to PostScript
format.

A problem was discovered in the way a2ps handles filenames that include
shell metacharacters. An attacker could use this flaw to execute
arbitrary commands by providing a filename that includes metacharacters
as an argument. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-1170 to this issue.

All users of a2ps should upgrade to this updated package, which includes
a patch to correct this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.13b-19.2.legacy
- Added a bunch of missing packages to BuildRequires

* Tue Dec 21 2004 Pekka Savola <pekkas at netcore.fi 4.13b-19.1.legacy
- Fix CAN-2004-1170 (#2338) w/ patch from Debian.

rh9:
* Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.13b-28.2.legacy
- Added a bunch of missing packages to BuildRequires

* Tue Dec 21 2004 Pekka Savola <pekkas at netcore.fi 4.13b-28.1.legacy
- Fix CAN-2004-1170 (#2338) w/ patch from Debian.

fc1:
* Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.13b-30.2.legacy
- Added a bunch of missing packages to BuildRequires

* Tue Dec 21 2004 Pekka Savola <pekkas at netcore.fi 4.13b-30.1.legacy
- Fix CAN-2004-1170 (#2338) w/ patch from Debian.

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
b0ebb139fd78a887831f8528458d969c42841283
redhat/7.3/updates-testing/i386/a2ps-4.13b-19.2.legacy.i386.rpm
fb55530b7f25e02080fcd8c5126f9f5f042a5d43
redhat/7.3/updates-testing/SRPMS/a2ps-4.13b-19.2.legacy.src.rpm

rh9:
828dc69302ec1530ada589842da023e3eb796ab5
redhat/9/updates-testing/i386/a2ps-4.13b-28.2.legacy.i386.rpm
8b3ef7ab2dca9d436fb34b2d11935921842c2779
redhat/9/updates-testing/SRPMS/a2ps-4.13b-28.2.legacy.src.rpm

fc1:
87a14c8ceafcc6e633430ed3715a9d63c3c9e837
fedora/1/updates-testing/i386/a2ps-4.13b-30.2.legacy.i386.rpm
9426b2180ef3750090b05616daa776f88bbfb3fa
fedora/1/updates-testing/SRPMS/a2ps-4.13b-30.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20051115/72b43ca3/attachment.sig>

More information about the fedora-legacy-list mailing list