Control: tags -1 moreinfo On Wed, 2023-09-20 at 21:40 +0000, Thorsten Alteholz wrote: > The attached debdiff for cups fixes CVE-2023-4504 and CVE-2023-32360 > in > Bullseye. These CVEs have been marked as no-dsa by the security team, > but > at least CVE-2023-32360 got anRC bug (#1051953). >
+cups (2.4.2-6) unstable; urgency=low + + In case this is not a fresh installation of cups, please double check + whether your cupsd.conf really does contain the limitiation for + "CUPS-Get-Document" (see patch 0019-CVE-2023-32360.patch) The same query as for bookworm applies here - do we expect users to know how to find the patch? Regards, Adam
