*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Eduardo Barretto 


I found plenty of old spool files in /var/spool/cups on two machines,
both 22.04 and formerly upgraded from 20.04, where files contained the
original print files, some even two years old, containing confidential
data that should have been delete long time ago.

Thus, cups keeps confidential data forever at a location the user can
neither see or delete.

Severe security gap, since attackers, investigators, attorneys, whoever, will 
find data in /var/spool/cups, which the user believes to have deleted, 
encrypted, or whatever.

** Affects: cups (Ubuntu)
     Importance: Undecided
         Status: New

cups keeps spool files forever and thus reveals confidential data
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

ubuntu-bugs mailing list

Reply via email to