** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5183
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5184
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5286
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5377
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3639
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3640
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3641

-- 
Please update cupsys to the generic version for hardy to fix several security vulnerabilities
https://bugs.launchpad.net/bugs/329293
You received this bug notification because you are a member of OEM Services QA, which is subscribed to The Dell Mini Project.

Status in Dell Inspiron Mini with Custom Dell UI: Triaged

Bug description:
Cupsys in hardy for the dell mini is in version 1.3.7-1ubuntu3, which is affected by several security vulnerabilities. The version in generic hardy (1.3.7-1ubuntu3) already includes the patches. So those should be ported to hardy for the mini.

Changelog:

cupsys (1.3.7-1ubuntu3.3) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service by adding a large number of RSS subscriptions (LP: #298241)
    - debian/patches/CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions being reached in scheduler/{ipp.c,subscriptions.c}.
    - CVE-2008-5183
  * SECURITY UPDATE: unauthorized access to RSS subscription functions in web interface (LP: #298241)
    - debian/patches/CVE-2008-5184.dpatch: make sure user is authenticated in /cgi-bin/admin.c.
    - CVE-2008-5184
  * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG image with a large height value
    - This issue was introduced in the patch for CVE-2008-1722.
    - debian/patches/CVE-2008-1722.dpatch: adjust patch to multiply img->xsize instead of img->ysize so we don't overflow in filter/image-png.c.
    - CVE-2008-5286
  * SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack
    - debian/filters/pstopdf: use the cleaned-up version from Debian.
    - CVE-2008-5377

 -- Marc Deslauriers <[email protected]>  Thu, 08 Jan 2009 10:29:38 -0500

cupsys (1.3.7-1ubuntu3.2) hardy-proposed; urgency=low

  * debian/rules: Install the serial backend with 0700 permissions to make it run as root, since /dev/ttyS* are root:dialout and thus not accessible as user "lp". (LP: #154277)

 -- Martin Pitt <[email protected]>  Wed, 26 Nov 2008 14:30:00 +0000

cupsys (1.3.7-1ubuntu3.1) hardy-security; urgency=low

  * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in the SGI filter
    - debian/patches/CVE-2008-3639_sgi_filter_overflow.dpatch: adjust filter/image-sgilib.c to properly check for xsize. Taken from Debian patch by Martin Pitt.
    - STR #2918
    - CVE-2008-3639
  * SECURITY UPDATE: integer overflow in texttops filter which could lead to heap-based overflow
    - debian/patches/CVE-2008-3640_texttops_overflow.dpatch: adjust textcommon.c and texttops.c to check for too large or negative page metrics. Taken from Debian patch by Martin Pitt.
    - STR #2919
    - CVE-2008-3640
  * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to arbitrary code execution
    - debian/patches/CVE-2008-3641_hpgl_filter_overflow.dpatch: adjust hpgl-attr.c to properly check for an invalid number of pens. Also includes fix for regression in original upstream patch which changed the color mapping and an off-by-one loop error. Taken from Debian patch by Martin Pitt.
    - STR #2911
    - STR #2966
    - CVE-2008-3641

 -- Jamie Strandboge <[email protected]>  Tue, 14 Oct 2008 13:17:07 -0500

_______________________________________________
Mailing list: https://launchpad.net/~oem-qa
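The integer-overflow class the changelog describes for CVE-2008-5286 (an image height large enough that the buffer-size multiplication wraps, so the filter allocates far less than it later writes), shown as an added C illustration. This is constructed code, not the CUPS filter/image-png.c source; the function names, the header fields and the 1 GiB cap are assumptions.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example, not CUPS code: deriving a pixel-buffer size from
 * image header fields, first without and then with overflow checks. */

/* Unchecked: the product is formed in 32-bit unsigned arithmetic and wraps
 * silently, so a huge height can yield a tiny allocation size. */
unsigned image_bytes_unchecked(int xsize, int ysize, int depth)
{
    return (unsigned)xsize * (unsigned)ysize * (unsigned)depth;
}

/* Checked: reject non-positive fields, bound each partial product before
 * it is formed, and cap the total at max_bytes (an assumed policy limit).
 * Returns 0 when the header is rejected, otherwise the exact byte count.
 * The changelog notes the earlier patch guarded the wrong dimension; the
 * point here is that every factor of the product must be bounded. */
size_t image_bytes_checked(int xsize, int ysize, int depth, size_t max_bytes)
{
    if (xsize <= 0 || ysize <= 0 || depth <= 0)
        return 0;
    if ((size_t)xsize > max_bytes / (size_t)depth)
        return 0;                          /* a single row is already too big */
    size_t row = (size_t)xsize * (size_t)depth;
    if ((size_t)ysize > max_bytes / row)
        return 0;                          /* rows * row would exceed the cap */
    return row * (size_t)ysize;            /* cannot overflow: <= max_bytes */
}

/* Allocate only after the header passed validation. */
unsigned char *alloc_image(int xsize, int ysize, int depth)
{
    size_t n = image_bytes_checked(xsize, ysize, depth, (size_t)1 << 30);
    return n ? calloc(n, 1) : NULL;
}

int main(void)
{
    /* Constructed header: 1 pixel wide, 1073741825 rows, 4 bytes per pixel. */
    printf("unchecked: %u bytes\n", image_bytes_unchecked(1, 0x40000001, 4));
    printf("checked:   %zu bytes (0 = rejected)\n",
           image_bytes_checked(1, 0x40000001, 4, (size_t)1 << 30));
    return 0;
}
```

The unchecked form returns 4 bytes for that header, while the checked form rejects it outright.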

