** Information type changed from Private Security to Public Security
** Changed in: cups (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1995402
Title:
cups keeps spool files forever and thus reveals confidential data
Status in cups package in Ubuntu:
Confirmed
Bug description:
Hi,
I found plenty of old spool files in /var/spool/cups on two machines,
both 22.04 and formerly upgraded from 20.04, where files contained the
original print files, some even two years old, containing confidential
data that should have been delete long time ago.
Thus, cups keeps confidential data forever at a location the user can
neither see or delete.
Severe security gap, since attackers, investigators, attorneys, whoever, will
find data in /var/spool/cups, which the user believes to have deleted,
encrypted, or whatever.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1995402/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
