Note: disabling he web interface is not enough, you also need to disable HTTP PUT in cupsd, which takes care of cupsctl too. However, since that also disables helpful things like changing the log level you might want to reconsider fixing things that way...
Sent from my iPad On 2012-11-27, at 3:51 PM, Didier 'OdyX' Raboud <o...@debian.org> wrote: > Le mardi, 27 novembre 2012 15.30:46, Marc Deslauriers a écrit : >> FYI, as a security fix for our stable releases in Ubuntu, we plan on >> disabling cupsd.conf modification in the web interface entirely. >> Attached is the patch we plan on using. > > Hi Marc, > > while testing your patch I noticed it was not masking the "Edit Configuration > File" input button in all locales (found in templates/*/admin.tmpl in 1.5.3). > > Updated patch is attached. > > Cheers, > > OdyX > <CVE-2012-5519.patch> -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org