cups (1.3.9-17ubuntu3.9) jaunty-security; urgency=low
* SECURITY UPDATE: cross-site request forgery in admin interface
- debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c,
cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c,
templates/*.tmpl.
- CVE-2010-0540
* SECURITY UPDATE: denial of service or arbitrary code execution in
texttops image filter
- debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
filter/texttops.c.
- CVE-2010-0542
* SECURITY UPDATE: web interface memory disclosure
- debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
- CVE-2010-1748
* SECURITY UPDATE: file overwrite vulnerability
- debian/patches/security-str3510.dpatch: introduce cups_open() in
cups/file.c and use to make sure hard-linked or symlinked files don't
get overwritten as root.
- No CVE number
Date: Fri, 18 Jun 2010 10:26:08 -0400
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/cups/1.3.9-17ubuntu3.9
Format: 1.8
Date: Fri, 18 Jun 2010 10:26:08 -0400
Source: cups
Binary: libcups2 libcupsimage2 cups cups-client libcups2-dev libcupsimage2-dev
cups-bsd cups-common cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd
cupsys-dbg libcupsys2 libcupsys2-dev
Architecture: source
Version: 1.3.9-17ubuntu3.9
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Description:
cups - Common UNIX Printing System(tm) - server
cups-bsd - Common UNIX Printing System(tm) - BSD commands
cups-client - Common UNIX Printing System(tm) - client programs (SysV)
cups-common - Common UNIX Printing System(tm) - common files
cups-dbg - Common UNIX Printing System(tm) - debugging symbols
cupsys - Common UNIX Printing System (transitional package)
cupsys-bsd - Common UNIX Printing System (transitional package)
cupsys-client - Common UNIX Printing System (transitional package)
cupsys-common - Common UNIX Printing System (transitional package)
cupsys-dbg - Common UNIX Printing System (transitional package)
libcups2 - Common UNIX Printing System(tm) - libs
libcups2-dev - Common UNIX Printing System(tm) - development files
libcupsimage2 - Common UNIX Printing System(tm) - image libs
libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
libcupsys2 - Common UNIX Printing System (transitional package)
libcupsys2-dev - Common UNIX Printing System (transitional package)
Changes:
cups (1.3.9-17ubuntu3.9) jaunty-security; urgency=low
.
* SECURITY UPDATE: cross-site request forgery in admin interface
- debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c,
cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c,
templates/*.tmpl.
- CVE-2010-0540
* SECURITY UPDATE: denial of service or arbitrary code execution in
texttops image filter
- debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
filter/texttops.c.
- CVE-2010-0542
* SECURITY UPDATE: web interface memory disclosure
- debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
- CVE-2010-1748
* SECURITY UPDATE: file overwrite vulnerability
- debian/patches/security-str3510.dpatch: introduce cups_open() in
cups/file.c and use to make sure hard-linked or symlinked files don't
get overwritten as root.
- No CVE number
Checksums-Sha1:
5e589221bc9b11482489438ec328db3dd759c2db 1995 cups_1.3.9-17ubuntu3.9.dsc
973e50f46068e659967614246457ee5e253a34e6 347764 cups_1.3.9-17ubuntu3.9.diff.gz
Checksums-Sha256:
986ca35aa5a6a054d1b1386587591f5c96261f7ff76d6ea90b6edfb064428dcf 1995
cups_1.3.9-17ubuntu3.9.dsc
756c166c4adf650dc8f0288c0daf51387e10b8ee9bf238d1d4083dc351d7bc47 347764
cups_1.3.9-17ubuntu3.9.diff.gz
Files:
00cc768af9e65ccaaed74d7c4352e86d 1995 net optional cups_1.3.9-17ubuntu3.9.dsc
2955695161c0ce780898d42714dba9c8 347764 net optional
cups_1.3.9-17ubuntu3.9.diff.gz
Original-Maintainer: Debian CUPS Maintainers
<pkg-cups-de...@lists.alioth.debian.org>
--
Jaunty-changes mailing list
Jaunty-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/jaunty-changes
