Public bug reported:
cups (2.4.10-2) unstable; urgency=medium
[ Helge Kreutzmann ]
* Update German man page (2219t)
[ Thorsten Alteholz ]
* CVE-2024-47175
Fix CVE and upstream also added some extra hardening to patch
- validate URIs, attribute names, and capabilities
in cups/ppd-cache.c, scheduler/ipp.c
- sanitize make and model in cups/ppd-cache.c
- PPDize preset and template names in cups/ppd-cache.c
- quote PPD localized strings in cups/ppd-cache.c
- fix warnings in cups/ppd-cache.c
-- Thorsten Alteholz <[email protected]> Thu, 26 Sep 2024 23:45:05
+0200
The debian CVE mega-patch is identical to our 5 patches, I've verified after
applying patches (there's just a copyright year diff).
** Affects: cups (Ubuntu)
Importance: Wishlist
Status: Confirmed
** Changed in: cups (Ubuntu)
Status: New => Confirmed
** Changed in: cups (Ubuntu)
Importance: Undecided => Wishlist
** Summary changed:
- Please merge cups cups_2.4.10-2
+ Please merge cups cups_2.4.10-2 from debian unstable
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2089041
Title:
Please merge cups cups_2.4.10-2 from debian unstable
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/2089041/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
