[ubuntu/jaunty-security] cups_1.3.9-17ubuntu3.4_sparc_translations.tar.gz, cups_1.3.9-17ubuntu3.4_amd64_translations.tar.gz, cups_1.3.9-17ubuntu3.4_lpia_translations.tar.gz, cups_1.3.9-17ubuntu3.4_ia64_translations.tar.gz, cups_1.3.9-17ubuntu3.4_i386_translations.tar.gz, cups_1.3.9-17ubuntu3.4_powerpc_translations.tar.gz, cups_1.3.9-17ubuntu3.4_hppa_translations.tar.gz, cups_1.3.9-17ubuntu3.4_armel_translations.tar.gz, cups 1.3.9-17ubuntu3.4 (Accepted)

Ubuntu Installer Tue, 10 Nov 2009 07:08:56 -0800

cups (1.3.9-17ubuntu3.4) jaunty-security; urgency=low

  * SECURITY UPDATE: XSS and CRLF injection in headers
    - debian/patches/CVE-2009-2820.dpatch: Introduce cgiClearVariables() in
      cgi-bin/{var.c,cgi.h}. Clear out variables in
      cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and
      clear out variables in cgi-bin/admin.c. Filter more characters in
      cgi-bin/template.c.
    - CVE-2009-2820
  * debian/rules: Do not have a failing test suite break the build. This is a
    temporary workaround for broken Ubuntu buildd chroots which cannot resolve
    their own hostname (see LP #447919).


Date: Sat, 31 Oct 2009 19:20:16 -0400
Changed-By: Marc Deslauriers <[email protected]>
Maintainer: Ubuntu Core Developers <[email protected]>
https://launchpad.net/ubuntu/jaunty/+source/cups/1.3.9-17ubuntu3.4

Format: 1.8
Date: Sat, 31 Oct 2009 19:20:16 -0400
Source: cups
Binary: libcups2 libcupsimage2 cups cups-client libcups2-dev libcupsimage2-dev 
cups-bsd cups-common cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd 
cupsys-dbg libcupsys2 libcupsys2-dev
Architecture: source
Version: 1.3.9-17ubuntu3.4
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <[email protected]>
Changed-By: Marc Deslauriers <[email protected]>
Description: 
 cups       - Common UNIX Printing System(tm) - server
 cups-bsd   - Common UNIX Printing System(tm) - BSD commands
 cups-client - Common UNIX Printing System(tm) - client programs (SysV)
 cups-common - Common UNIX Printing System(tm) - common files
 cups-dbg   - Common UNIX Printing System(tm) - debugging symbols
 cupsys     - Common UNIX Printing System (transitional package)
 cupsys-bsd - Common UNIX Printing System (transitional package)
 cupsys-client - Common UNIX Printing System (transitional package)
 cupsys-common - Common UNIX Printing System (transitional package)
 cupsys-dbg - Common UNIX Printing System (transitional package)
 libcups2   - Common UNIX Printing System(tm) - libs
 libcups2-dev - Common UNIX Printing System(tm) - development files
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System (transitional package)
 libcupsys2-dev - Common UNIX Printing System (transitional package)
Changes: 
 cups (1.3.9-17ubuntu3.4) jaunty-security; urgency=low
 .
   * SECURITY UPDATE: XSS and CRLF injection in headers
     - debian/patches/CVE-2009-2820.dpatch: Introduce cgiClearVariables() in
       cgi-bin/{var.c,cgi.h}. Clear out variables in
       cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and
       clear out variables in cgi-bin/admin.c. Filter more characters in
       cgi-bin/template.c.
     - CVE-2009-2820
   * debian/rules: Do not have a failing test suite break the build. This is a
     temporary workaround for broken Ubuntu buildd chroots which cannot resolve
     their own hostname (see LP #447919).
Checksums-Sha1: 
 3ff3165f2c080161fc98cacce1596e2ce5eef8db 1994 cups_1.3.9-17ubuntu3.4.dsc
 d1f56e499a4b49601d80745c0ea20543c26b01c9 335454 cups_1.3.9-17ubuntu3.4.diff.gz
Checksums-Sha256: 
 151e3c53ab66b8fbac54ab363d62d559e274a9fb46935838198b3de97c4fa502 1994 
cups_1.3.9-17ubuntu3.4.dsc
 a719c6b97e5e3a44025d231fa5a78664705b7beb9c09acbaa1d7d3309447b42e 335454 
cups_1.3.9-17ubuntu3.4.diff.gz
Files: 
 c6ac782dbbb04a8a775f62541e76a31c 1994 net optional cups_1.3.9-17ubuntu3.4.dsc
 b82f7db3a8bcfa9d3e93d1534b88e4b9 335454 net optional 
cups_1.3.9-17ubuntu3.4.diff.gz
Original-Maintainer: Debian CUPS Maintainers 
<[email protected]>

-- 
Jaunty-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/jaunty-changes

Reply via email to