On Fri, Dec 20, 2002 at 12:17:18AM -0600, David Ehle wrote: > > Hello all, > > Is the Debian package of cups Vulnerable to the security issues > detailed here?: > http://www.idefense.com/advisory/12.19.02.txt > > It doesn't mentions version 1.1.15-4 explicitly, but the vulnerablites > havn't been tested on many different Distros yet. > > If the Debian package is affected, does Mr. Licquia have a timetable on > when our version will be patched?
Yes, it is vulnerable. The version in woody is 1.1.14-3, and an advisory is pending. Unstable already has 1.1.18-1 which contains the fixes. It sounds like you are running the testing version, in which case you must handle your own security update. -- - mdz
