Your message dated Fri, 19 May 2023 17:18:55 +0000 with message-id <e1q03kl-009gdg...@fasolo.debian.org> and subject line Bug#1036224: fixed in cups-filters 1.28.17-3 has caused the Debian Bug report #1036224, regarding cups-filters: CVE-2023-24805 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1036224: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036224 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: cups-filters Version: 1.28.17-2 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for cups-filters. CVE-2023-24805[0]: | RCE in cups-filters, beh CUPS backend If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-24805 https://www.cve.org/CVERecord?id=CVE-2023-24805 [1] https://www.openwall.com/lists/oss-security/2023/05/17/5 [2] https://github.com/OpenPrinting/cups-filters/commit/93e60d3df35 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: cups-filters Source-Version: 1.28.17-3 Done: Thorsten Alteholz <deb...@alteholz.de> We believe that the bug you reported is fixed in the latest version of cups-filters, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1036...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thorsten Alteholz <deb...@alteholz.de> (supplier of updated cups-filters package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 19 May 2023 18:25:20 +0200 Source: cups-filters Architecture: source Version: 1.28.17-3 Distribution: unstable Urgency: medium Maintainer: Debian Printing Team <debian-print...@lists.debian.org> Changed-By: Thorsten Alteholz <deb...@alteholz.de> Closes: 1036224 Changes: cups-filters (1.28.17-3) unstable; urgency=medium . * CVE-2023-24805 prevent arbitrary command execution by escaping the quoting of the arguments in a job with a forged job title more information are available in the commit message at: https://github.com/OpenPrinting/cups-filters/commit/93e60d3df35 (Closes: #1036224) Checksums-Sha1: bee6876cdd43bc9dad8b1d25063fc0cb3b27a04b 2981 cups-filters_1.28.17-3.dsc a043e527c1292e2534630934c43bcec38c602f0b 86072 cups-filters_1.28.17-3.debian.tar.xz ac9f171e478a1eaf29eb34a2dd3df8e5216251e1 14151 cups-filters_1.28.17-3_amd64.buildinfo Checksums-Sha256: e48af28143b7404e28c029ee9441c9ecbba289c8ca8986217fcd24331aae327c 2981 cups-filters_1.28.17-3.dsc 01020ea146741dbc3d854a58013603d78772616283c297cf2c4a11033424409a 86072 cups-filters_1.28.17-3.debian.tar.xz 1dc3b134ab9166d352c4f89e5025fb3cfc2b67c77d3645aecfaf794789546888 14151 cups-filters_1.28.17-3_amd64.buildinfo Files: fb36d5825e895953c9ec1489727b6256 2981 net optional cups-filters_1.28.17-3.dsc ed03bc28b93f74955cd5607905ec5bda 86072 net optional cups-filters_1.28.17-3.debian.tar.xz 70c788e15565b8903918d5bccf6a1ae6 14151 net optional cups-filters_1.28.17-3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmRnqaBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR31YD/9hxdQ1hgSU1iTGAXku6r4tPp36IA9+ InogwbgQfW4mA5aRVmRA5rv+itnPDDqiEBQcWoTom0Bd1Od4K53+Zsi3q+EmuR1g 2Sk55VGzU+yR3S+ol+VAYVwJp10rVe8lQITGVOhGsaRTXtnFSkdX9lHgCtgC0SNs m1D7hlMBJf1omwfAAzjYIUA0i6QCs3obOXZ1VgsB7IICf3JKkonQFGgAExnTSTRH xy9QO3EdkDxNaxV1HVwfoS8e2fgJkaTAGSIJOkCD8XRaoAGbOb4qwIZUrNf/9+iz YQxR71eGtxVunbbRkBF3NBHo1g+NznWBViOq5LL+TqA47hs6A4F+3J85DPUimhnV xZfVRK3on9cEy9DoHC/yWYuHtIlRt/D119jJbfC1csjsQOWX3Kmilhz3yZsw9aez SJGqi4EdWoJrQtbY53EcoCajUEgBnmmkAI/Q6ocEYF9W3IyuZRxDOsDFCO7IDxZx 4YGVo9OBzPb3EV/lY39tegWXHcpWKZnxiL1AAlVsjBIi2GLNy3RoQK6q8/u98hJS cXLYZ7x9OUA7TZ6ieLu6mYxWgIjQ2xPZYxkgWidSdUIYzh48NMbe6FDJdgqQpbdL 2pe+tlKenZoj5/lNEm8VvwQMylAK46Hv5GQP5wC89egnv/P9bPuKTgOCMGi2YK6T 7vkZrXgXmU2n7g== =NG91 -----END PGP SIGNATURE-----
--- End Message ---
