cups (1.3.9-17ubuntu3.9) jaunty-security; urgency=low * SECURITY UPDATE: cross-site request forgery in admin interface - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c, cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c, templates/*.tmpl. - CVE-2010-0540 * SECURITY UPDATE: denial of service or arbitrary code execution in texttops image filter - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in filter/texttops.c. - CVE-2010-0542 * SECURITY UPDATE: web interface memory disclosure - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c. - CVE-2010-1748 * SECURITY UPDATE: file overwrite vulnerability - debian/patches/security-str3510.dpatch: introduce cups_open() in cups/file.c and use to make sure hard-linked or symlinked files don't get overwritten as root. - No CVE number
Date: Fri, 18 Jun 2010 10:26:08 -0400 Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com> https://launchpad.net/ubuntu/jaunty/+source/cups/1.3.9-17ubuntu3.9
Format: 1.8 Date: Fri, 18 Jun 2010 10:26:08 -0400 Source: cups Binary: libcups2 libcupsimage2 cups cups-client libcups2-dev libcupsimage2-dev cups-bsd cups-common cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd cupsys-dbg libcupsys2 libcupsys2-dev Architecture: source Version: 1.3.9-17ubuntu3.9 Distribution: jaunty-security Urgency: low Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Description: cups - Common UNIX Printing System(tm) - server cups-bsd - Common UNIX Printing System(tm) - BSD commands cups-client - Common UNIX Printing System(tm) - client programs (SysV) cups-common - Common UNIX Printing System(tm) - common files cups-dbg - Common UNIX Printing System(tm) - debugging symbols cupsys - Common UNIX Printing System (transitional package) cupsys-bsd - Common UNIX Printing System (transitional package) cupsys-client - Common UNIX Printing System (transitional package) cupsys-common - Common UNIX Printing System (transitional package) cupsys-dbg - Common UNIX Printing System (transitional package) libcups2 - Common UNIX Printing System(tm) - libs libcups2-dev - Common UNIX Printing System(tm) - development files libcupsimage2 - Common UNIX Printing System(tm) - image libs libcupsimage2-dev - Common UNIX Printing System(tm) - image development files libcupsys2 - Common UNIX Printing System (transitional package) libcupsys2-dev - Common UNIX Printing System (transitional package) Changes: cups (1.3.9-17ubuntu3.9) jaunty-security; urgency=low . * SECURITY UPDATE: cross-site request forgery in admin interface - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c, cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c, templates/*.tmpl. - CVE-2010-0540 * SECURITY UPDATE: denial of service or arbitrary code execution in texttops image filter - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in filter/texttops.c. - CVE-2010-0542 * SECURITY UPDATE: web interface memory disclosure - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c. - CVE-2010-1748 * SECURITY UPDATE: file overwrite vulnerability - debian/patches/security-str3510.dpatch: introduce cups_open() in cups/file.c and use to make sure hard-linked or symlinked files don't get overwritten as root. - No CVE number Checksums-Sha1: 5e589221bc9b11482489438ec328db3dd759c2db 1995 cups_1.3.9-17ubuntu3.9.dsc 973e50f46068e659967614246457ee5e253a34e6 347764 cups_1.3.9-17ubuntu3.9.diff.gz Checksums-Sha256: 986ca35aa5a6a054d1b1386587591f5c96261f7ff76d6ea90b6edfb064428dcf 1995 cups_1.3.9-17ubuntu3.9.dsc 756c166c4adf650dc8f0288c0daf51387e10b8ee9bf238d1d4083dc351d7bc47 347764 cups_1.3.9-17ubuntu3.9.diff.gz Files: 00cc768af9e65ccaaed74d7c4352e86d 1995 net optional cups_1.3.9-17ubuntu3.9.dsc 2955695161c0ce780898d42714dba9c8 347764 net optional cups_1.3.9-17ubuntu3.9.diff.gz Original-Maintainer: Debian CUPS Maintainers <pkg-cups-de...@lists.alioth.debian.org>
-- Jaunty-changes mailing list Jaunty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/jaunty-changes