Control: tags -1 moreinfo On Wed, 2023-09-20 at 21:05 +0000, Thorsten Alteholz wrote: > The attached debdiff for cups fixes CVE-2023-4504 and CVE-2023-32360 > in > Bookworm. These CVEs have been marked as no-dsa by the security > team, > but at least CVE-2023-32360 got an RC bug (#1051953). >
+cups (2.4.2-6) unstable; urgency=low + + In case this is not a fresh installation of cups, please double check + whether your cupsd.conf really does contain the limitiation for + "CUPS-Get-Document" (see patch 0015-CVE-2023-32360.patch) Hmm. Is there a better way we can point users to the required change here that doesn't require them knowing how to find patches applied to the source package? Regards, Adam