On Fri, Nov 25, 2011 at 02:04:44PM +0100, Didier Raboud wrote: > Le vendredi, 25 novembre 2011 12.16:06, Didier Raboud a écrit : > > > > > > 2. Insecure tempfile handling: > > > https://bugzilla.novell.com/show_bug.cgi?id=704608 > > > https://bugs.launchpad.net/hplip/+bug/809904 > > > This is CVE-2011-2722 > > > > This seems to be fixed in 3.11.10, hence again, only stable is affected. > > The attached dpatch against the version currently in stable does fix that bug. > > As for oldstable, I couldn't find any occurence of this bug in the source > code.
CVE-2011-2722 itself doesn't warrant a DSA. Could the hplip maintainers please fix this through a point update? http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org