Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu
Dear Oldstable Release Team,

CVE-2019-2228 affects oldstable's cups (see #946782); and I'd also like to fix another memory leak (#946941). (See #947832 for the stable/buster pu)

My proposed changelog would be:

cups (2.2.1-8+deb9u5) stretch; urgency=medium

  * Backport upstream security fixes:
    - Fix memory leak in ppdOpen (Closes: #946941)
    - CVE-2019-2228: The `ippSetValuetag` function did not validate the
      default language value (Closes: #946782)

 -- Didier Raboud <o...@debian.org>  Tue, 31 Dec 2019 14:25:30 +0100

… the proposed debdiff is attached.

Cheers,
OdyX
diff -Nru cups-2.2.1/debian/changelog cups-2.2.1/debian/changelog --- cups-2.2.1/debian/changelog 2019-08-21 09:51:54.000000000 +0200 +++ cups-2.2.1/debian/changelog 2019-12-31 14:25:30.000000000 +0100 @@ -1,3 +1,12 @@ +cups (2.2.1-8+deb9u5) stretch; urgency=medium + + * Backport upstream security fixes: + - Fix memory leak in ppdOpen (Closes: #946941) + - CVE-2019-2228: The `ippSetValuetag` function did not validate the + default language value (Closes: #946782) + + -- Didier Raboud <o...@debian.org> Tue, 31 Dec 2019 14:25:30 +0100 + cups (2.2.1-8+deb9u4) stretch; urgency=low * Fix multiple security/disclosure issues (Closes: #934957) diff -Nru cups-2.2.1/debian/.git-dpm cups-2.2.1/debian/.git-dpm --- cups-2.2.1/debian/.git-dpm 2019-08-21 09:51:54.000000000 +0200 +++ cups-2.2.1/debian/.git-dpm 2019-12-31 14:25:08.000000000 +0100 @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -8d6c8479d69d091ee83bbf7e10249f98cdaefa99 -8d6c8479d69d091ee83bbf7e10249f98cdaefa99 +c60d0154b20313af2bdec051ab5473320a6de1e8 +c60d0154b20313af2bdec051ab5473320a6de1e8 a3ed22ee480a278acc27433ecbc16eaa63cf2b2e a3ed22ee480a278acc27433ecbc16eaa63cf2b2e cups_2.2.1.orig.tar.gz diff -Nru cups-2.2.1/debian/patches/0055-Fix-memory-leak-in-ppdOpen.patch cups-2.2.1/debian/patches/0055-Fix-memory-leak-in-ppdOpen.patch --- cups-2.2.1/debian/patches/0055-Fix-memory-leak-in-ppdOpen.patch 1970-01-01 01:00:00.000000000 +0100 +++ cups-2.2.1/debian/patches/0055-Fix-memory-leak-in-ppdOpen.patch 2019-12-31 14:25:08.000000000 +0100 
@@ -0,0 +1,32 @@ +From bf1d779750f63fd2519865ac5cd5656cbdd9e3e0 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet <michael.r.sw...@gmail.com> +Date: Thu, 1 Aug 2019 13:02:35 -0400 +Subject: Fix memory leak in ppdOpen + +Closes: #946941 +--- + cups/ppd.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/cups/ppd.c b/cups/ppd.c +index 44a22c5cb..42fff3509 100644 +--- a/cups/ppd.c ++++ b/cups/ppd.c +@@ -719,6 +719,8 @@ _ppdOpen( + strncmp(ll, keyword, ll_len))) + { + DEBUG_printf(("2_ppdOpen: Ignoring localization: \"%s\"\n", keyword)); ++ free(string); ++ string = NULL; + continue; + } + else if (localization == _PPD_LOCALIZATION_ICC_PROFILES) +@@ -738,6 +740,8 @@ _ppdOpen( + if (i >= (int)(sizeof(color_keywords) / sizeof(color_keywords[0]))) + { + DEBUG_printf(("2_ppdOpen: Ignoring localization: \"%s\"\n", keyword)); ++ free(string); ++ string = NULL; + continue; + } + } diff -Nru cups-2.2.1/debian/patches/0056-CVE-2019-2228-Fix-ippSetValueTag-validation-of-defau.patch cups-2.2.1/debian/patches/0056-CVE-2019-2228-Fix-ippSetValueTag-validation-of-defau.patch --- cups-2.2.1/debian/patches/0056-CVE-2019-2228-Fix-ippSetValueTag-validation-of-defau.patch 1970-01-01 01:00:00.000000000 +0100 +++ cups-2.2.1/debian/patches/0056-CVE-2019-2228-Fix-ippSetValueTag-validation-of-defau.patch 2019-12-31 14:25:08.000000000 +0100 
@@ -0,0 +1,23 @@ +From c60d0154b20313af2bdec051ab5473320a6de1e8 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet <michael.r.sw...@gmail.com> +Date: Fri, 13 Dec 2019 09:30:46 -0500 +Subject: CVE-2019-2228: Fix ippSetValueTag validation of default language + +Closes: #946782 +--- + cups/ipp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cups/ipp.c b/cups/ipp.c +index 843b4d997..8840a1d09 100644 +--- a/cups/ipp.c ++++ b/cups/ipp.c +@@ -4721,7 +4721,7 @@ ippSetValueTag( + return (0); + + if (ipp->attrs && ipp->attrs->next && ipp->attrs->next->name && +- !strcmp(ipp->attrs->next->name, "attributes-natural-language")) ++ !strcmp(ipp->attrs->next->name, "attributes-natural-language") && (ipp->attrs->next->value_tag & IPP_TAG_CUPS_MASK) == IPP_TAG_LANGUAGE) + { + /* + * Use the language code from the IPP message... diff -Nru cups-2.2.1/debian/patches/series cups-2.2.1/debian/patches/series --- cups-2.2.1/debian/patches/series 2019-08-21 09:51:54.000000000 +0200 +++ cups-2.2.1/debian/patches/series 2019-12-31 14:25:08.000000000 +0100 @@ -52,3 +52,5 @@ 0052-DBUS-notifications-could-crash-the-scheduler-Issue-5.patch 0053-CVE-2018-4700-Linux-session-cookies-used-a-predictab.patch 0054-Fix-multiple-security-disclosure-issues.patch +0055-Fix-memory-leak-in-ppdOpen.patch +0056-CVE-2019-2228-Fix-ippSetValueTag-validation-of-defau.patch
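Review bot: In the debian/changelog hunk, the CVE-2019-2228 entry names the function `ippSetValuetag`, while the subject of patch 0056 and the hunk header in cups/ipp.c both spell it `ippSetValueTag`. Correct the case in the changelog entry so that a search for the function name finds it.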
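Review bot: In debian/patches/0055-Fix-memory-leak-in-ppdOpen.patch, the header carries only the subject and `Closes: #946941`, so nothing records which upstream commit this backport corresponds to, although the changelog calls it an upstream fix; add an origin reference to the patch header. The two added `free(string); string = NULL;` pairs sit before the `continue` in both "Ignoring localization" branches shown here; since only these two paths are visible, confirm against the full loop in `_ppdOpen` that no other early `continue` skips the free.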
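Review bot: In debian/patches/0056-CVE-2019-2228-Fix-ippSetValueTag-validation-of-defau.patch, the replaced condition in `ippSetValueTag` gains a `value_tag` test, but neither the patch header nor a code comment says why it is needed: the removed line matched on the name "attributes-natural-language" alone before the code goes on to "Use the language code from the IPP message". State that in the patch description. The new line is also much longer than its neighbours; move `(ipp->attrs->next->value_tag & IPP_TAG_CUPS_MASK) == IPP_TAG_LANGUAGE` onto its own continuation line, following the wrapping of the line above it.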