Bug#741318: marked as done (cups-filters: CVE-2013-6476 CVE-2013-6475 CVE-2013-6474 CVE-2013-6473)

Debian Bug Tracking System Tue, 11 Mar 2014 06:06:50 -0700

Your message dated Tue, 11 Mar 2014 13:03:27 +0000
with message-id <e1wnml9-0003jt...@franck.debian.org>
and subject line Bug#741318: fixed in cups-filters 1.0.47-1
has caused the Debian Bug report #741318,
regarding cups-filters: CVE-2013-6476 CVE-2013-6475 CVE-2013-6474 CVE-2013-6473
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
741318: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741318
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: cups-filters
Severity: grave
Tags: security
Justification: user security hole

Hi,
Fixed upstream in 1.0.47:

CVE-2013-6473:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175

CVE-2013-6474:
CVE-2013-6475:
CVE-2013-6476:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176

I haven't checked the filters from src:cups in oldstable yet.

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: cups-filters
Source-Version: 1.0.47-1

We believe that the bug you reported is fixed in the latest version of
cups-filters, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 741...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <o...@debian.org> (supplier of updated cups-filters package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 11 Mar 2014 13:36:14 +0100
Source: cups-filters
Binary: libcupsfilters1 libfontembed1 cups-filters cups-filters-core-drivers 
libcupsfilters-dev libfontembed-dev cups-browsed
Architecture: source amd64
Version: 1.0.47-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-print...@lists.debian.org>
Changed-By: Didier Raboud <o...@debian.org>
Description: 
 cups-browsed - OpenPrinting CUPS Filters - cups-browsed
 cups-filters - OpenPrinting CUPS Filters - Main Package
 cups-filters-core-drivers - OpenPrinting CUPS Filters - PPD-less printing
 libcupsfilters-dev - OpenPrinting CUPS Filters - Development files for the 
library
 libcupsfilters1 - OpenPrinting CUPS Filters - Shared library
 libfontembed-dev - OpenPrinting CUPS Filters - Development files for font 
embed libr
 libfontembed1 - OpenPrinting CUPS Filters - Font Embed Shared library
Closes: 741318
Changes: 
 cups-filters (1.0.47-1) unstable; urgency=medium
 .
   * New upstream release 1.0.47
      - pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475,
        and CVE-2013-6476: Introduction of gmallocn and gmallocn3
        to protect against arbitrary code execution with the
        privileges of the "lp" user via malicious PDF files. Also
        restrict the directory from where OPVP drivers can get
        loaded (Closes: #741318)
      - urftopdf: SECURITY FIX for CVE-2013-6473: Two heap-based
        buffer overflow flaws in urftopdf. If a malicious URF file
        were processed it could lead to arbitrary code execution
        with the privileges of the "lp" user (Closes: #741318)
 .
   [ Till Kamppeter ]
   * Demote Dependency of cups-browsed on avahi-daemon to Recommends, also
     remove "on started avahi-daemon" from the "start on ..." rule in
     /etc/init/cups-browsed.conf (LP: #1242185, LP: #1178172)
Checksums-Sha1: 
 9952f45c5cdf26e369a55898f30e4f01777a6f2f 2681 cups-filters_1.0.47-1.dsc
 1645b70f83c9e3722860848c6db67a5916d480a7 1310256 
cups-filters_1.0.47.orig.tar.xz
 12ef54f8c1719245e961dfdce7475177665f454e 63588 
cups-filters_1.0.47-1.debian.tar.xz
 a1aa9605a0b16721af720c67a365a89424f44299 96948 
libcupsfilters1_1.0.47-1_amd64.deb
 556797a3793c25d6dc6f5412805e57f6d8849c83 66326 libfontembed1_1.0.47-1_amd64.deb
 abf229126bb10eda706d55bf6a631ecc585b3360 471774 cups-filters_1.0.47-1_amd64.deb
 e444b99e1fa81e4b52ccd79a19120f4d68a7a2a6 131666 
cups-filters-core-drivers_1.0.47-1_amd64.deb
 73375f8f87094a9ae0709391b2775dbd004e98f4 103174 
libcupsfilters-dev_1.0.47-1_amd64.deb
 697f3085ba18ae9e6c1a57d04696dc9f48a5099e 69052 
libfontembed-dev_1.0.47-1_amd64.deb
 4163980c2b7fbe466999fb31baada35829b33fb1 71280 cups-browsed_1.0.47-1_amd64.deb
Checksums-Sha256: 
 e18ffd9634e7a58a858e6df4c8a9db44600985b070b6fec2dc36b9e6e25f0cda 2681 
cups-filters_1.0.47-1.dsc
 5c49f221f0b2954584eb17303e618a2db59027434d9a48a89c11faf03a9f0870 1310256 
cups-filters_1.0.47.orig.tar.xz
 adfdeb38e398096f026896c53265de31582988df39803af9d44c26e94798dee4 63588 
cups-filters_1.0.47-1.debian.tar.xz
 af35af575991d3325f2c119c808282603f7c6d1d688e202de4391a73702fe1dd 96948 
libcupsfilters1_1.0.47-1_amd64.deb
 8901cd9eab1c66f8b82c925bfd5128751e751c9d0f5b1f120a7c86616e6acd0a 66326 
libfontembed1_1.0.47-1_amd64.deb
 6da88d8d6412c478d4ffa0981e1b754dfe742a5e918bc329d04d48485aa08255 471774 
cups-filters_1.0.47-1_amd64.deb
 4095c6aee8b5a416699acedfebbfb353ea08850f5c9a5af325ae9ab9df9c1220 131666 
cups-filters-core-drivers_1.0.47-1_amd64.deb
 c82a9566486d39161ff8d89c88535607ffaf45924618d3f684ea4c155573a471 103174 
libcupsfilters-dev_1.0.47-1_amd64.deb
 08f8e818edc535f5745ea874ebe3e33cc19b32761c5a7a3ba61e5eceaaeca8c1 69052 
libfontembed-dev_1.0.47-1_amd64.deb
 e1ce21ffe8b4c4e8e15a74c99c20f64e63f9b96370faf1eb69ae4b9eea57462a 71280 
cups-browsed_1.0.47-1_amd64.deb
Files: 
 8a686707fbbaf3c8a33cce8d559f085a 2681 net optional cups-filters_1.0.47-1.dsc
 c1baecc8996c97af1ffe58b5f2046e86 1310256 net optional 
cups-filters_1.0.47.orig.tar.xz
 e73ac72ace3df789f7d8056e430f461b 63588 net optional 
cups-filters_1.0.47-1.debian.tar.xz
 b2b6be26840c8a2a864df35c9ff44c47 96948 libs optional 
libcupsfilters1_1.0.47-1_amd64.deb
 f745beaa2ff0dc09b08ae6fed6b4775c 66326 libs optional 
libfontembed1_1.0.47-1_amd64.deb
 9835325329e2e41a32007c51d7f24e8b 471774 net optional 
cups-filters_1.0.47-1_amd64.deb
 ceccf06694de655b2c79797f9b835261 131666 net optional 
cups-filters-core-drivers_1.0.47-1_amd64.deb
 b33814e62d433ea481b74875ac303232 103174 libdevel optional 
libcupsfilters-dev_1.0.47-1_amd64.deb
 14c0601385265b63f14987022da78cf7 69052 libdevel optional 
libfontembed-dev_1.0.47-1_amd64.deb
 054d2d6300c90ba1d954c401e0a9d631 71280 net optional 
cups-browsed_1.0.47-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQGcBAEBCAAGBQJTHwiEAAoJEIvPpx7KFjRVC6oMAI9aAlG9lGp3VlndqaW4gUS6
AoS9N8pua2xfDajYoAyp8+OT9kTs4oT3NgC4TJpougRJhp5GNvTlA1fZizJe+Q5J
strPOAd4gWusN9v8II4n84xrZRs/aPRUkYm8Ux2NSjPkbP9j5c0ZXiqHWDywnV2M
3qLFAa2OWUc+UFYmaZ7/4J3tpu1CDJavLsMdB5Ehr7l2J8C+IH/9O3Q092bqxh9H
G1FLToNXm84S8eY5cHoSb7MpzLJ8DgEZPqqsyYJibTT4HDEplWXu1w4oG+yXFe9m
5c+YZ9+iqfGF5byWCXgClCqsJ1ejWV9WzkI9b5PJulrCO2cJSnLbqHVTdWvusa5R
E8MsK7jxQxKiT5bbBrQJQHUT3PlcMezf4aVyThOpu9v10y6i3hOGf3l/R3Li9CZF
mdSqVQcH/71qVYEo3nHo81EQqO0q7L2m5JZE5HmdTTfOd6iw8VYhf8OYnhfY3T/V
JNNw2UlQvk0JOPNO8qov55NUudyCMI1bxG35C+KJvQ==
=jT5t
-----END PGP SIGNATURE-----

--- End Message ---

Bug#741318: marked as done (cups-filters: CVE-2013-6476 CVE-2013-6475 CVE-2013-6474 CVE-2013-6473)

Reply via email to