-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2011-11205 2011-08-19 21:17:25 --------------------------------------------------------------------------------
Name : foomatic Product : Fedora 14 Version : 4.0.8 Release : 3.fc14 URL : http://www.linuxprinting.org Summary : Tools for using the foomatic database of printers and printer drivers Description : Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. This package contains utilities to generate driver description files and printer queues for CUPS, LPD, LPRng, and PDQ using the database (packaged separately). There is also the possibility to read the PJL options out of PJL-capable laser printers and take them into account at the driver description file generation. There are spooler-independent command line interfaces to manipulate queues (foomatic-configure) and to print files/manipulate jobs (foomatic printjob). The site http://www.linuxprinting.org/ is based on this database. -------------------------------------------------------------------------------- Update Information: This package fixes CVE-2011-2924 by using mktemp when creating a debug log file in debug mode. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 18 2011 Tim Waugh <[email protected]> - 4.0.8-3 - Another fix for CVE-2011-2924 (bug #726426). * Thu Aug 18 2011 Tim Waugh <[email protected]> - 4.0.8-2 - Use mktemp when creating debug log file in foomatic-rip (CVE-2011-2924, bug #726426). * Mon Jul 25 2011 Jiri Popelka <[email protected]> - 4.0.8-1 - 4.0.8 (all patches merged upstream) * Wed Jul 20 2011 Tim Waugh <[email protected]> - 4.0.7-2 - Fix improper sanitization of command line options (bug #721001, CVE-2011-2697). * Mon Feb 21 2011 Jiri Popelka <[email protected]> - 4.0.7-1 - 4.0.7 * Tue Dec 21 2010 Tim Waugh <[email protected]> - 4.0.6-2 - Use perl_vendorlib macro instead of defining our own. * Thu Dec 16 2010 Jiri Popelka <[email protected]> - 4.0.6-1 - 4.0.6 * Thu Dec 9 2010 Tim Waugh <[email protected]> - 4.0.5-4 - Rebuilt for new device IDs. * Fri Oct 15 2010 Tim Waugh <[email protected]> - 4.0.5-3 - Removed hard-coded perl paths from spec file. * Tue Oct 5 2010 Tim Waugh <[email protected]> - 4.0.5-2 - Updated summary and description to more accurately reflect package contents (bug #630651). -------------------------------------------------------------------------------- References: [ 1 ] Bug #726426 - CVE-2011-2923 CVE-2011-2924 foomatic: foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data https://bugzilla.redhat.com/show_bug.cgi?id=726426 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update foomatic' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
