** Information type changed from Private Security to Public Security ** Changed in: cups (Ubuntu) Status: New => Confirmed
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1995402 Title: cups keeps spool files forever and thus reveals confidential data Status in cups package in Ubuntu: Confirmed Bug description: Hi, I found plenty of old spool files in /var/spool/cups on two machines, both 22.04 and formerly upgraded from 20.04, where files contained the original print files, some even two years old, containing confidential data that should have been delete long time ago. Thus, cups keeps confidential data forever at a location the user can neither see or delete. Severe security gap, since attackers, investigators, attorneys, whoever, will find data in /var/spool/cups, which the user believes to have deleted, encrypted, or whatever. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1995402/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp