Le vendredi, 25 novembre 2011 12.22:24, Didier Raboud a écrit : > > Le mardi, 26 juillet 2011 23.07:01, Moritz Muehlenhoff a écrit : > > > > > > 1. Shell command injection in foomatic-rip-hplip: > > > https://bugzilla.novell.com/show_bug.cgi?id=698451 > > > This is CVE-2011-2697 > > > > As far as I can see, the culprit file is foomatic-rip-hplip, which is > > only shipped in hplip-ppds, and only in stable; testing and unstable > > versions rely on the fixed foomatic-rip from the foomatic-filters > > package.
> usr/lib/cups/filter/foomatic-rip-hplip (supposedly culprit file) is already > a symlink to usr/lib/cups/filter/foomatic-rip in the stable package. So > this CVE doesn't affect any version bigger than what is in stable And foomatic-rip-hplip is not in oldstable either, so it seems CVE-2011-2697 doesn't affect any currently released hplip. Cheers, -- OdyX
signature.asc
Description: This is a digitally signed message part.