File CVE-2014-0466.diff of Package a2ps.9165

Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
 A malicious PostScript file could delete files with the privileges of
 the invoking user.
Origin: vendor
Bug-Debian: http://bugs.debian.org/742902
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2014-03-28

diff -rupN a2ps-4.14.old/contrib/fixps.in a2ps-4.14/contrib/fixps.in
--- a2ps-4.14.old/contrib/fixps.in	2007-12-28 19:29:01.000000000 -0800
+++ a2ps-4.14/contrib/fixps.in	2014-08-06 21:11:17.114518845 -0700
@@ -389,7 +389,7 @@ if test $task != check; then
   	eval "$command" ;;
       gs)
         $verbose "$program: making a full rewrite of the file ($gs)." >&2
-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
     esac
   )
 fi
diff -rupN a2ps-4.14.old/contrib/fixps.m4 a2ps-4.14/contrib/fixps.m4
--- a2ps-4.14.old/contrib/fixps.m4	2007-12-28 18:11:47.000000000 -0800
+++ a2ps-4.14/contrib/fixps.m4	2014-08-06 21:11:40.529942880 -0700
@@ -307,7 +307,7 @@ if test $task != check; then
   	eval "$command" ;;
       gs)
         $verbose "$program: making a full rewrite of the file ($gs)." >&2
-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
     esac
   )
 fi