File _patchinfo of Package patchinfo

<patchinfo incident="3901">
  <issue id="921753" tracker="bnc">VUL-0: CVE-2015-2265: cups-filters: remote command execution in remove_bad_chars() (incomplete fix for CVE-2014-2707)</issue>
  <issue id="937018" tracker="bnc">VUL-0: CVE-2015-3279: cups-filters: texttopdf integer overflow (incomplete fix for CVE-2015-3258)</issue>
  <issue id="936281" tracker="bnc">VUL-0: CVE-2015-3258: cups-filters: texttopdf heap-based buffer overflow</issue>
  <issue id="CVE-2015-2265" tracker="cve" />
  <issue id="CVE-2015-3279" tracker="cve" />
  <issue id="CVE-2015-3258" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>jsmeix</packager>
  <description>cups-filters was updated to fix three security issues.

These security issues were fixed:
- CVE-2015-2265: The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allowed remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707 (bsc#921753).
- CVE-2015-3279: Texttopdf integer overflow (incomplete fix for CVE-2015-3258) (bsc#937018).
- CVE-2015-3258: Texttopdf heap-based buffer overflow (bsc#936281).
  </description>
  <summary>Security update for cups-filters</summary>
</patchinfo>