Your message dated Fri, 13 Jul 2018 08:50:23 +0000
with message-id <e1fdtmr-00037v...@fasolo.debian.org>
and subject line Bug#903605: fixed in cups 2.2.8-5
has caused the Debian Bug report #903605,
regarding cups: CVE-2018-6553
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
903605: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903605
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cups
Version: 2.2.1-8
Severity: serious
Tags: patch security
Control: fixed -1 2.2.1-8+deb9u2

Hi,

I'm filing this with severity serious, as it indicates a regression
from stable, given the issue was fixed already via DSA-4243-1 in
2.2.1-8+deb9u2.

CVE-2018-6553[0]:
AppArmor profile issue in cups

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-6553
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6553
[1] https://usn.ubuntu.com/usn/usn-3713-1
[2] https://lists.debian.org/debian-security-announce/2018/msg00172.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: cups
Source-Version: 2.2.8-5

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 903...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <o...@debian.org> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 12 Jul 2018 18:48:48 +0200
Source: cups
Binary: libcups2 libcupsimage2 libcupscgi1 libcupsmime1 libcupsppdc1 cups cups-core-drivers cups-daemon cups-client cups-ipp-utils libcups2-dev libcupsimage2-dev cups-bsd cups-common cups-server-common cups-ppdc
Architecture: source
Version: 2.2.8-5
Distribution: unstable
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Didier Raboud <o...@debian.org>
Description:
 cups       - Common UNIX Printing System(tm) - PPD/driver support, web interfa
 cups-bsd   - Common UNIX Printing System(tm) - BSD commands
 cups-client - Common UNIX Printing System(tm) - client programs (SysV)
 cups-common - Common UNIX Printing System(tm) - common files
 cups-core-drivers - Common UNIX Printing System(tm) - driverless printing
 cups-daemon - Common UNIX Printing System(tm) - daemon
 cups-ipp-utils - Common UNIX Printing System(tm) - IPP developer/admin utilities
 cups-ppdc  - Common UNIX Printing System(tm) - PPD manipulation utilities
 cups-server-common - Common UNIX Printing System(tm) - server common files
 libcups2   - Common UNIX Printing System(tm) - Core library
 libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library
 libcupscgi1 - Common UNIX Printing System(tm) - CGI library
 libcupsimage2 - Common UNIX Printing System(tm) - Raster image library
 libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li
 libcupsmime1 - Common UNIX Printing System(tm) - MIME library
 libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library
Closes: 903605
Changes:
 cups (2.2.8-5) unstable; urgency=high
 .
   * CVE-2018-6553: Fix AppArmor cupsd sandbox bypass due to use of hard links
     (Closes: #903605)
   * All these were fixed in 2.2.8:
     - CVE-2018-4180 Local Privilege Escalation to Root in dnssd Backend
       (CUPS_SERVERBIN)
     - CVE-2018-4181 Limited Local File Reads as Root via cupsd.conf Include
       Directive
     - CVE-2018-4182 cups-exec Sandbox Bypass Due to Insecure Error Handling
     - CVE-2018-4183 cups-exec Sandbox Bypass Due to Profile Misconfiguration

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
