Bug#656025: foomatic-db-compressed-ppds: Incorrect driver for Panasonic KX-P4450
Package: foomatic-db-compressed-ppds
Version: 20111206-1
Severity: normal

Dear Maintainer,

This package causes CUPS to recommend the 'ljet3' driver for a Panasonic KX-P4450 printer (see output of /usr/lib/cups/driver/foomatic-db-compressed-ppds list | grep 'KX-P4450' for confirmation). This recommendation is incorrect, and results in printing garbage. The correct driver is 'ljetplus' (I've tested this by telling CUPS that the printer is an HP LaserJet Plus - this produces correct output from the printer).

Please correct the driver recommendation for this printer.

Best regards,
Dave Williams

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages foomatic-db-compressed-ppds depends on:
ii  python    2.7.2-9
ii  xz-utils  5.1.1alpha+20110809-3

Versions of packages foomatic-db-compressed-ppds recommends:
pn  cups                1.5.0-13
pn  cups-client         1.5.0-13
pn  foomatic-db-engine  4.0.8-2
pn  foomatic-filters    4.0.9-1
pn  ghostscript         9.04~dfsg-3
pn  hpijs               3.11.10-1
pn  printer-driver-all

Versions of packages foomatic-db-compressed-ppds suggests:
pn  cjet
pn  ghostscript-cups    9.04~dfsg-3
pn  hplip
pn  hplip-cups
pn  openprinting-ppds

-- no debconf information

--
To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/CAAb4N6Wm2sxtxgS_ub1hmPZ1YgqaCVEw6FrbxVSUmgBf==n...@mail.gmail.com
Accepted hplip 3.10.6-2+squeeze1 (source all amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 27 Nov 2011 02:39:13 +1100
Source: hplip
Binary: hplip hplip-data hplip-gui hplip-dbg hplip-doc hpijs-ppds hpijs hplip-cups libhpmud0 libhpmud-dev libsane-hpaio
Architecture: source all amd64
Version: 3.10.6-2+squeeze1
Distribution: stable
Urgency: low
Maintainer: Debian HPIJS and HPLIP maintainers
Changed-By: Mark Purcell
Description:
 hpijs - HP Linux Printing and Imaging - gs IJS driver (hpijs)
 hpijs-ppds - HP Linux Printing and Imaging - HPIJS PPD files
 hplip - HP Linux Printing and Imaging System (HPLIP)
 hplip-cups - HP Linux Printing and Imaging - CUPS Raster driver (hpcups)
 hplip-data - HP Linux Printing and Imaging - data files
 hplip-dbg - HP Linux Printing and Imaging - debugging information
 hplip-doc - HP Linux Printing and Imaging - documentation
 hplip-gui - HP Linux Printing and Imaging - GUI utilities
 libhpmud-dev - HP Multi-Point Transport Driver (hpmud) development libraries
 libhpmud0 - HP Multi-Point Transport Driver (hpmud) run-time libraries
 libsane-hpaio - HP SANE backend for multi-function peripherals
Closes: 635549
Changes:
 hplip (3.10.6-2+squeeze1) stable; urgency=low
 .
   * Fix "Insecure tempfile handling" CVE-2011-2722 by backporting from the removal of the culprit code by upstream.
     (Closes: #635549)
     - Added CVE-2011-2722.dpatch by Didier Raboud
Bug#635549: marked as done (Two security issues)
Your message dated Sun, 15 Jan 2012 20:47:15 + with message-id and subject line Bug#635549: fixed in hplip 3.10.6-2+squeeze1 has caused the Debian Bug report #635549, regarding Two security issues to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
635549: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635549
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: hplip
Severity: grave
Tags: security

Two security issues have been reported in hplip:

1. Shell command injection in foomatic-rip-hplip:
   https://bugzilla.novell.com/show_bug.cgi?id=698451
   This is CVE-2011-2697

2. Insecure tempfile handling:
   https://bugzilla.novell.com/show_bug.cgi?id=704608
   https://bugs.launchpad.net/hplip/+bug/809904
   This is CVE-2011-2722

This should be fixed in a DSA, could you prepare updated packages?

Cheers,
Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: hplip
Source-Version: 3.10.6-2+squeeze1

We believe that the bug you reported is fixed in the latest version of hplip, which is due to be installed in the Debian FTP archive:

hpijs-ppds_3.10.6-2+squeeze1_all.deb
  to main/h/hplip/hpijs-ppds_3.10.6-2+squeeze1_all.deb
hpijs_3.10.6-2+squeeze1_amd64.deb
  to main/h/hplip/hpijs_3.10.6-2+squeeze1_amd64.deb
hplip-cups_3.10.6-2+squeeze1_amd64.deb
  to main/h/hplip/hplip-cups_3.10.6-2+squeeze1_amd64.deb
hplip-data_3.10.6-2+squeeze1_all.deb
  to main/h/hplip/hplip-data_3.10.6-2+squeeze1_all.deb
hplip-dbg_3.10.6-2+squeeze1_amd64.deb
  to main/h/hplip/hplip-dbg_3.10.6-2+squeeze1_amd64.deb
hplip-doc_3.10.6-2+squeeze1_all.deb
  to main/h/hplip/hplip-doc_3.10.6-2+squeeze1_all.deb
hplip-gui_3.10.6-2+squeeze1_all.deb
  to main/h/hplip/hplip-gui_3.10.6-2+squeeze1_all.deb
hplip_3.10.6-2+squeeze1.diff.gz
  to main/h/hplip/hplip_3.10.6-2+squeeze1.diff.gz
hplip_3.10.6-2+squeeze1.dsc
  to main/h/hplip/hplip_3.10.6-2+squeeze1.dsc
hplip_3.10.6-2+squeeze1_amd64.deb
  to main/h/hplip/hplip_3.10.6-2+squeeze1_amd64.deb
libhpmud-dev_3.10.6-2+squeeze1_amd64.deb
  to main/h/hplip/libhpmud-dev_3.10.6-2+squeeze1_amd64.deb
libhpmud0_3.10.6-2+squeeze1_amd64.deb
  to main/h/hplip/libhpmud0_3.10.6-2+squeeze1_amd64.deb
libsane-hpaio_3.10.6-2+squeeze1_amd64.deb
  to main/h/hplip/libsane-hpaio_3.10.6-2+squeeze1_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 635...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell (supplier of updated hplip package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)
Bug#635549: Stable update of hplip for CVE-2011-2722 (#635549) ?
On Sun, 2011-12-11 at 18:02 +, Adam D. Barratt wrote:
> On Sun, 2011-12-04 at 17:26 +, Adam D. Barratt wrote:
> > On Thu, 2011-12-01 at 20:17 +, Adam D. Barratt wrote:
> > > On Fri, 2011-11-25 at 14:58 +0100, Didier Raboud wrote:
> > > >   * Fix CVE-2011-2722 "Insecure tempfile handling" by patching the culprit
> > > >     code out. (Closes: #635549)
> > >
> > > I'm assuming the debug code isn't likely to be used that often? The
> > > upstream bug (<https://bugs.launchpad.net/hplip/+bug/809904>)
> > > implies that they were looking at replacing the code with a mkstemp()
> > > call, rather than removing it. If it's basically unused then patching
> > > it out should be okay though.
> >
> > fwiw, the above wasn't a rhetorical question. I was anticipating that
> > the next action would have been a reply, not an upload...
>
> Having said that, a reply wouldn't be unwelcome...

Reply came there none. Given that the affected code hasn't re-appeared in unstable, I've flagged the upload for acceptance, but for the record I'm somewhat unimpressed by the lack of response to any of my queries.

Regards,

Adam

--
Archive: http://lists.debian.org/1326659712.29770.126.ca...@jacala.jungle.funky-badger.org
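
The alternative fix mentioned in the thread above, opening the debug dump with mkstemp() instead of a fixed name, shown as an added example; it is not hplip's code and not written by anyone in this thread. The function name, file names and the pre-planted symlink are constructed for the demonstration, which runs inside a private directory created with mkdtemp().

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp, mkdtemp, symlink */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical debug-dump writer (no name here comes from hplip).
 * Writes a 3-byte dump and returns the resulting size of an unrelated
 * 10-byte file that the guessable dump name was symlinked to, or -1. */
long bystander_size_after_dump(int use_mkstemp)
{
    char dir[] = "/tmp/dumpdemoXXXXXX";
    char bystander[64], fixed[64], tmpl[64];
    struct stat st;
    long size = -1;
    int fd;

    if (mkdtemp(dir) == NULL) return -1;      /* private 0700 sandbox */
    snprintf(bystander, sizeof bystander, "%s/bystander", dir);
    snprintf(fixed, sizeof fixed, "%s/debug.out", dir);
    snprintf(tmpl, sizeof tmpl, "%s/debug.XXXXXX", dir);
    /* Constructed setup: the bystander file, plus a symlink planted at
     * the fixed dump name before the writer runs. */
    fd = open(bystander, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "important\n", 10) != 10) perror("write");
    if (fd >= 0) close(fd);
    if (symlink(bystander, fixed) != 0) perror("symlink");

    if (use_mkstemp)      /* random name, created O_CREAT|O_EXCL, mode 0600 */
        fd = mkstemp(tmpl);
    else                  /* fixed name: open() follows the planted symlink */
        fd = open(fixed, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd >= 0 && write(fd, "dbg", 3) != 3) perror("write");
    if (fd >= 0) close(fd);
    if (stat(bystander, &st) == 0) size = (long)st.st_size;
    unlink(tmpl); unlink(fixed); unlink(bystander); rmdir(dir);
    return size;
}

int main(void)
{
    printf("fixed name: %ld bytes, mkstemp: %ld bytes\n",
           bystander_size_after_dump(0), bystander_size_after_dump(1));
    return 0;
}
```

With the fixed name the unrelated file is truncated and overwritten by the dump; with mkstemp() it keeps its original 10 bytes because the dump lands in a newly created file.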