This bug was fixed in the package cups - 1.7.2-0ubuntu1.7
---
cups (1.7.2-0ubuntu1.7) trusty-security; urgency=medium
* Disable SSLv3 with option to turn back on.
- debian/patches/disable-sslv3.patch: AllowSSL3 turns SSLv3
back on and AllowRC4 turns on just the RC4
ACK on the updated debdiff, thanks!
I've changed my mind, and will release it as a security update after all
if testing goes well.
Thanks!
** Changed in: cups (Ubuntu Trusty)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
--
You received this bug notification because you are a
This part of the patch is wrong:
@@ -895,18 +922,6 @@ _cupsSetDefaults(void)
* Look for ~/.cups/client.conf...
*/
- snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
- fp = cupsFileOpen(filename, "r");
-}
-else
- fp = NULL;
-
-if (!fp)
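Review bot: The removal under the retained comment "Look for ~/.cups/client.conf..." in _cupsSetDefaults is unrelated to the SSLv3/RC4 change the changelog describes. It takes out the snprintf() that builds the per-user path, the cupsFileOpen() call and the "fp = NULL" fallback, while the comment announcing that lookup stays behind as context and now describes code that is no longer there. Please keep the per-user client.conf open in the backport. If dropping it is intentional, remove the comment as well and document the behaviour change in the patch header and debian/changelog, since a user's own client.conf would stop being read.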
New debdiff with fix for C#15
** Patch added: "cups_1.7.2-0ubuntu1.7.debdiff"
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1505328/+attachment/4531562/+files/cups_1.7.2-0ubuntu1.7.debdiff
--
** Patch removed: "now current debdiff (fixes accidentally included file)"
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1505328/+attachment/4511465/+files/cups_1.7.2-0ubuntu1.7.debdiff
--
** Also affects: cups (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: cups (Ubuntu Trusty)
Importance: Undecided => High
** Changed in: cups (Ubuntu Trusty)
Status: New => Triaged
--
Forgot to mark it fixed in devel (since wily at least)
** Changed in: cups (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1505328
** Description changed:
+ [Impact]
+
+ * Cups in Trusty is vulnerbable to the Poodle SSLv3. This disables it by
default.
+ * Users who have clients that don't support TLS1.0 will not be able to
connect, unless
+ they specify the additional options in cupsd.conf.
+
+ [Test Case]
+
+ *
** Bug watch removed: Red Hat Bugzilla #1161171
https://bugzilla.redhat.com/show_bug.cgi?id=1161171
--
Title:
Cups SSL
** Description changed:
[Impact]
- * Cups in Trusty is vulnerbable to the Poodle SSLv3. This disables it by
default.
- * Users who have clients that don't support TLS1.0 will not be able to
connect, unless
- they specify the additional options in cupsd.conf.
+ * Cups in Trusty is
Really fixed extra file, added LP #, and removed "Upgrade to SSLv3"
part.
** Patch added: "cups_1.7.2-0ubuntu1.7.debdiff"
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1505328/+attachment/4517582/+files/cups_1.7.2-0ubuntu1.7.debdiff
--
1- The debdiff in comment #9 still contains an extra
cups-1.7.2/lets_patch_this.patch section. Could you please remove it?
2- Please add an origin tag to the patch that traces back to redhat's 1161172
bug, since I believe that's what you based the backport on
3- Also, I don't think we should do
Also, please add "(LP: #1505328)" to the debian/changelog.
--
** Tags added: precise trusty
** Changed in: cups (Ubuntu)
Importance: Undecided => High
--
Related issue for 14.04 -
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1510163
--
** Patch added: "now current debdiff (fixes accidentally included file)"
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1505328/+attachment/4511465/+files/cups_1.7.2-0ubuntu1.7.debdiff
** Patch removed: "debdiff for 14.04"
The attachment "now current debdiff (fixes accidentally included file)"
seems to be a debdiff. The ubuntu-sponsors team has been subscribed to
the bug report so that they can review and hopefully sponsor the
debdiff. If the attachment isn't a patch, please remove the "patch"
flag from the
I'm thinking it makes sense to do this as a normal (not security update)
as it changes the default config.
For 12.04, I haven't seen any demand to backport this.
** Patch added: "debdiff for 14.04"
Made it into a more proper ppa for 14.04 -
https://launchpad.net/~bryanquigley/+archive/ubuntu/ppa
--
Test fix for 14.04 is available here -
http://people.canonical.com/~bryanquigley/cups-1505328
Does anyone need this fix for 12.04?
--
Patch in progress for 14.04 http://pastebin.ubuntu.com/12904343/ for
some reason fails to fix Poodle on TLS issue.
--
None of these issues exist in vivid, cups version 2.0.2-1ubuntu3.2. No
RC4, No SSLv3, No Poodle on TLS. Would have an A- rating (if it was a
valid domain/cert).
--
Interesting - 14.10 has SSLv3, RC4 issues, but Poodle on TLS is not there
(overall grade C). Cups 1.7.5-3ubuntu3.2, libgnutls-deb0-28
vs 14.04 - cups 1.7.2-0ubuntu1.6, libgnutls26
--
What RH did:
https://rhn.redhat.com/errata/RHBA-2015-1346.html
https://bugzilla.redhat.com/show_bug.cgi?id=1161171
https://bugzilla.redhat.com/show_bug.cgi?id=1161172
Upstream patch - http://pastebin.ubuntu.com/12879503/
** Bug watch added: Red Hat Bugzilla #1161171
** Tags added: poodle
--
Title:
Cups SSL is vulernable to POODLE
Status in cups package in Ubuntu:
New
Bug
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3566
--