I too got affected by this. To verify my system integrity, I ran debsums -s
...and /usr/lib/cups/backend/cups-brf was not readable so it was not verifiable, without requiring root.
It actually attracts attention, "I can easily download that file, so why is it not readable, what are they trying to protect, how can I exploit it?"
