Package: cups Version: 2.2.10-6 Severity: important
$ curl -v http://localhost:631/ ... > GET / HTTP/1.1 > Host: localhost:631 > User-Agent: curl/7.64.0 > Accept: */* > < HTTP/1.1 200 OK < Connection: Keep-Alive < Content-Language: en_US < Content-Length: 2364 < Content-Type: text/plain < Date: Thu, 11 Jul 2019 05:27:25 GMT < Keep-Alive: timeout=10 < Last-Modified: Tue, 23 Apr 2019 06:33:01 GMT < Accept-Encoding: gzip, deflate, identity < Server: CUPS/2.2 IPP/2.1 < X-Frame-Options: DENY < Content-Security-Policy: frame-ancestors 'none' < <!DOCTYPE HTML> <html> <head> <link rel="stylesheet" href="/cups.css" type="text/css"> <link rel="shortcut icon" href="/apple-touch-icon.png" type="image/png"> <meta charset="utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=9"> <meta name="viewport" content="width=device-width"> <title>Home - CUPS 2.2.10</title> </head> <body> <div class="header"> ... Obviously this is not correct. CUPS should serve it as Content-Type: text/html Firefox and Chromium display the served data as raw text, making web interface unusable. -- System Information: Debian Release: 10.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-5-amd64 (SMP w/32 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages cups depends on: ii cups-client 2.2.10-6 ii cups-common 2.2.10-6 ii cups-core-drivers 2.2.10-6 ii cups-daemon 2.2.10-6 ii cups-filters 1.21.6-5 ii cups-ppdc 2.2.10-6 ii cups-server-common 2.2.10-6 ii debconf [debconf-2.0] 1.5.71 ii ghostscript 9.27~dfsg-2 ii libavahi-client3 0.7-4+b1 ii libavahi-common3 0.7-4+b1 ii libc6 2.28-10 ii libcups2 2.2.10-6 ii libcupsimage2 2.2.10-6 ii libgcc1 1:8.3.0-6 ii libstdc++6 8.3.0-6 ii libusb-1.0-0 2:1.0.22-2 ii poppler-utils 0.71.0-5 ii procps 2:3.3.15-2 Versions of packages cups recommends: ii avahi-daemon 0.7-4+b1 ii colord 1.4.3-4 ii cups-filters [ghostscript-cups] 1.21.6-5 ii printer-driver-gutenprint 5.3.1-7 Versions of packages cups suggests: ii cups-bsd 2.2.10-6 pn cups-pdf <none> ii foomatic-db 20181217-2 pn hplip <none> ii printer-driver-hpcups 3.18.12+dfsg0-2 pn smbclient <none> ii udev 241-5 -- debconf information excluded