Your message dated Mon, 25 May 2026 00:49:09 +0000
with message-id <[email protected]>
and subject line Bug#1137374: fixed in hplip 3.26.4+dfsg0-1
has caused the Debian Bug report #1137374,
regarding hplip: CVE-2026-8631 CVE-2026-8632
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1137374: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137374
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: hplip
Version: 3.22.10+dfsg0-8.1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for hplip.
CVE-2026-8631[0]:
| A potential security vulnerability has been identified in the HP
| Linux Imaging and Printing Software. This potential vulnerability
| may allow escalation of privileges and/or arbitrary code execution
| via an integer overflow in the hpcups processing path when handling
| crafted print data.
CVE-2026-8632[1]:
| A potential security vulnerability has been identified in the HP
| Linux Imaging and Printing Software. This potential vulnerability
| may allow escalation of privileges and/or arbitrary code execution
| via operating system command injection.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-8631
https://www.cve.org/CVERecord?id=CVE-2026-8631
[1] https://security-tracker.debian.org/tracker/CVE-2026-8632
https://www.cve.org/CVERecord?id=CVE-2026-8632
[2] https://support.hp.com/us-en/document/ish_14942099-14942126-16/hpsbpi04118
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: hplip
Source-Version: 3.26.4+dfsg0-1
Done: Thorsten Alteholz <[email protected]>
We believe that the bug you reported is fixed in the latest version of
hplip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated hplip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 23 May 2026 20:14:59 +0200
Source: hplip
Architecture: source
Version: 3.26.4+dfsg0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Closes: 1076032 1114148 1120865 1137374
Changes:
hplip (3.26.4+dfsg0-1) unstable; urgency=medium
.
* Update to new upstream version 3.26.4+dfsg0.
(Closes: #1137374)
(Closes: #1076032)
(Closes: #1120865)
* add patch to fix gcc-15 issue (Closes: #1114148)
* debian/control: add dependency of gawk
Checksums-Sha1:
8b67a48b6d01bea9087c780ee34423177cbde96c 3214 hplip_3.26.4+dfsg0-1.dsc
928e206707ef0265dede4aa4e90e9897608836f7 9434668 hplip_3.26.4+dfsg0.orig.tar.xz
314c95fba31ea5097fc30dfad083c824eedd6cf4 147060
hplip_3.26.4+dfsg0-1.debian.tar.xz
fd1f35d336b7eea067776d7b436ebf1f2aa37a7e 20380
hplip_3.26.4+dfsg0-1_amd64.buildinfo
Checksums-Sha256:
b959151cae3e0043d200cd3c32e081a20c16359f085324ec264afe172554cb17 3214
hplip_3.26.4+dfsg0-1.dsc
fbb8a6cf5c05c9a1034c5f5a86cd71624f245d4c6982018e0b2b6ed4a36b32ce 9434668
hplip_3.26.4+dfsg0.orig.tar.xz
7204c14e63be90b36a01e65cd24fd18c97b5ba9a72aa543258761f8d37f7cc69 147060
hplip_3.26.4+dfsg0-1.debian.tar.xz
23706a643f326a68f100bb43679c813429add36f6ee4c55291937497432b6e8a 20380
hplip_3.26.4+dfsg0-1_amd64.buildinfo
Files:
1e7178c32a6637001fda3850f09cc991 3214 utils optional hplip_3.26.4+dfsg0-1.dsc
2936f4323597e67683fdfbd737254966 9434668 utils optional
hplip_3.26.4+dfsg0.orig.tar.xz
1fbd5e453d0aec23c2c79905f6a07aa7 147060 utils optional
hplip_3.26.4+dfsg0-1.debian.tar.xz
99973491d7146118eb3fdf2adebd52a5 20380 utils optional
hplip_3.26.4+dfsg0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmoTlmBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRwQFD/9QXvyDHi+GL73NnidSQVgagrY490gT
1AGzR0HFaLADvlhTEEoFDqfHJ9Q4AxSoOm3MxkjKSeEQxsp59jBCYqt/f850A9QZ
D3hu9mfV+SNxozZL4jFHNKm3+ti3TWOoBSSmCQYE3RtuUT/S763vJv+rWwuWAfK6
apgSU7mtKMPjyYxhKKGgY9ptNj1/0QSBEAZCMz5h8H5HGeC2XYJU+9Hm911IDqW+
xppxbBiCF3UnE2Jpd4p5i6PDNul51U3H4KlimJtXt8mEasYhmpboe6Ebo0Kjdl5x
jtA3g81AhuH3pyjbHQOPxJq3jPL3JMl4HWoPQ1w9rrMXKxsOzH8YlHhik5urtg0L
SPmUvf+sJ3zFFA/rOTwqeB6sxopf8ZAkmGIEEcWGYgbTX8xNuL1/RXqYaYnoWqiE
jlU8ugf3g/D0EzVcHHCKA+I2IrcanhhW5TReamObtaTL4A9jZBgora5/2G3ouzTG
Yl50n5gxs4t0NcckVr70C3vmRb39VKokZyMLng4i+KU6L+r2328D2oZiwelDdjAD
4hmLol++u3TIWVyP8RUqGlbAlIacZu5GcOParAtaumC95mR9Gii1muk/Z9JU9xlS
WGe5b9CkQtY+KFqSb9T+38koWIEBFzPTBLjHNYWlHo24kbZOeA98D45aWQcQQZY6
Los3/+EU18RpDA==
=6iVP
-----END PGP SIGNATURE-----
pgpZvFgAIJmmC.pgp
Description: PGP signature
--- End Message ---
