Control: tags -1 + confirmed On Fri, 2018-02-23 at 20:03 +0100, Didier 'OdyX' Raboud wrote: > (Mirroring #891142 for stretch): > > CUPS is affected by CVE-2017-18190: remote attackers could execute > arbitrary > IPP commands by sending POST requests to the CUPS daemon in > conjunction with > DNS rebinding. This was caused by a whitelisted > "localhost.localdomain" entry. > > According to the Security Team it doesn't warrant a DSA, but still > makes sense > to be addressed on Jessie (and Stretch). It was fixed independently > on wheezy > already. >
Please go ahead; sorry for the delay. Regards, Adam