Package: cups Version: 1.4.4-7 Severity: normal Tags: upstream CUPS is installed on host 'foo'. My desktop is 'bar'. I don't want passwords travel on network in plaintext so I start an ssh tunnel from bar to foo's IPP port:
bar$ ssh -L 9631:localhost:631 foo Then I enter "http://localhost:9631"; in my browser. Cookies and JavaScript is temporary allowed for this "host". Browser stores session cookie. Everythink seems to be okay but links related jobs point to "http://foo:631/blahblahblah"; instead of "http://localhost:9631/blahblahblah";. Click "Show All Jobs" button of some printers and check page source. You can see that job ID-s have absolute URL behind while any other links use relative URLs as well as form actions. So following job links all my security settings get broken. Gabor -- System Information: Debian Release: 6.0.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages cups depends on: ii adduser 3.112+nmu2 add and remove users and groups ii bc 1.06.95-2 The GNU bc arbitrary precision cal ii cups-client 1.4.4-7 Common UNIX Printing System(tm) - ii cups-common 1.4.4-7 Common UNIX Printing System(tm) - ii cups-ppdc 1.4.4-7 Common UNIX Printing System(tm) - ii debconf [debconf-2. 1.5.36.1 Debian configuration management sy ii ghostscript 8.71~dfsg2-9 The GPL Ghostscript PostScript/PDF ii libavahi-client3 0.6.27-2+squeeze1 Avahi client library ii libavahi-common3 0.6.27-2+squeeze1 Avahi common library ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libcups2 1.4.4-7 Common UNIX Printing System(tm) - ii libcupscgi1 1.4.4-7 Common UNIX Printing System(tm) - ii libcupsdriver1 1.4.4-7 Common UNIX Printing System(tm) - ii libcupsimage2 1.4.4-7 Common UNIX Printing System(tm) - ii libcupsmime1 1.4.4-7 Common UNIX Printing System(tm) - ii libcupsppdc1 1.4.4-7 Common UNIX Printing System(tm) - ii libdbus-1-3 1.2.24-4+squeeze1 simple interprocess messaging syst ii libgcc1 1:4.4.5-8 GCC support library ii libgnutls26 2.8.6-1 the GNU TLS library - runtime libr ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze1 MIT Kerberos runtime libraries - k ii libijs-0.35 0.35-7 IJS raster image transport protoco ii libkrb5-3 1.8.3+dfsg-4squeeze1 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.23-7.2 OpenLDAP libraries ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l ii libpaper1 1.1.24 library for handling paper charact ii libpoppler5 0.12.4-1.2 PDF rendering library ii libslp1 1.2.1-7.8 OpenSLP libraries ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3 ii libusb-0.1-4 2:0.1.12-16 userspace USB programming library ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii poppler-utils 0.12.4-1.2 PDF utilitites (based on libpopple ii procps 1:3.2.8-9 /proc file system utilities ii ssl-cert 1.0.28 simple debconf wrapper for OpenSSL ii ttf-freefont 20090104-7 Freefont Serif, Sans and Mono True ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime Versions of packages cups recommends: ii cups-driver-gutenprint 5.2.6-1 printer drivers for CUPS ii foomatic-filters 4.0.5-6 OpenPrinting printer support - fil ii ghostscript-cups 8.71~dfsg2-9 The GPL Ghostscript PostScript/PDF Versions of packages cups suggests: ii cups-bsd 1.4.4-7 Common UNIX Printing System(tm) - pn cups-pdf <none> (no description available) ii foomatic-db 20100630-1 OpenPrinting printer support - dat ii hplip 3.10.6-2 HP Linux Printing and Imaging Syst ii smbclient 2:3.5.6~dfsg-3squeeze5 command-line SMB/CIFS clients for ii udev 164-3 /dev/ and hotplug management daemo pn xpdf-korean | xpd <none> (no description available) -- Configuration Files: /etc/cups/cupsd.conf changed [not included] -- debconf information excluded -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
