Hi Didier, On Wed, Jan 20, 2016 at 08:29:29AM +0100, Didier 'OdyX' Raboud wrote: > Le mardi, 19 janvier 2016, 00.38:02 Till Kamppeter a écrit : > > On 01/14/2016 10:07 AM, Didier 'OdyX' Raboud wrote: > > > Le jeudi, 14 janvier 2016, 01.38:19 Till Kamppeter a écrit : > > >> Hi, > > >> > > >> I have released cups-filters 1.6.0 now, with the following changes: > > >> (…) > > >> - foomatic-rip: Fixed buffer overflow when reading environment > > >> variables CUPS_FONTPATH, CUPS_DATADIR, and GS_LIB (Bug > > >> #1336). > > > > > > Is this of any security-related concern? > > > > Yes, but it did not get a CVE. > > Security-Team: an opinion there?
Just for the record, we think this issue is no-dsa (and was marked as such already in the security-tracker). Unsure if this issue actually needs a CVE. Till if you think so can you request one via the oss-security mailinglist? Regards, Salvatore
signature.asc
Description: PGP signature
