Bug#530027: [Pkg-cups-devel] Bug#530027: cups: Request from "…" using invalid Host: field "…"

2010-09-13 Thread Martin Pitt
severity 530027 important thanks Ben Finney [2010-09-13 16:17 +1000]: > severity 530027 grave This is quite overinflated. "grave" means "completely useless for everyone", and "breaks other packages", which isn't the case here. > Could the maintainer please respond on this? Please note that cups

Bug#530027: cups: Request from "…" using invalid Host: field "…"

2010-09-12 Thread Ben Finney
On 13-Sep-2010, Ben Finney wrote: > On 11-Oct-2009, Ian Zimmerman wrote: > > I'll have to downgrade to 1.3.* until this is fixed :( > > This has been the case for me for every version in Squeeze since I > initially reported this bug. And now I find that downgrading to Lenny's version of CUPS, w

Bug#530027: cups: Request from "…" using invalid Host: field "…"

2010-09-12 Thread Ben Finney
package cups severity 530027 grave thanks On 11-Oct-2009, Ian Zimmerman wrote: > If you look at the valid_host() function, in the case the connecting > address matches 127.*.*.* [1], the ServerAlias check is completely > bypassed and only "localhost" or its numerical equivalents are > allowed as v

Bug#530027: cups: Request from "…" using invalid Host: field "…"

2010-04-16 Thread Ben Finney
package cups found 530027 1.4.3-1 thanks On 23-May-2009, Ben Finney wrote: > On 23-May-2009, Ben Finney wrote: > > Could this be related to the following entry in the Debian > > changelog: > > > > = > > * New upstream security/bug fix release: > > - The scheduler now protects against DN

Bug#530027: cups: Request from "…" using invalid Host: field "…"

2010-01-17 Thread ben+debian
On 18-Jan-2010, Philip Haynes wrote: > Add the line; > > HostNameLookups On > > to your cupsd.conf file. Thanks for the suggestion. However, that doesn't work for me: = $ grep HostNameLookups /etc/cups/cupsd.conf HostNameLookups On $ grep ServerName /etc/cups/client.conf # ServerName: the

Bug#530027: cups: Request from "…" using invalid Host: field "…"

2010-01-17 Thread Philip Haynes
An update on a workaround/solution that works for me; Add the line; HostNameLookups On to your cupsd.conf file. Solution sourced from; http://bugs.gentoo.org/show_bug.cgi?id=266678

Bug#530027: cups: Request from "…" using invalid Host: field "…"

2009-12-05 Thread Ben Finney
package cups found 530027 1.4.2-4 thanks On 23-May-2009, Ben Finney wrote: > On 23-May-2009, Ben Finney wrote: > > Could this be related to the following entry in the Debian > > changelog: > > > > = > > * New upstream security/bug fix release: > > - The scheduler now protects against DN

Bug#530027: cups: Request from --- using invalid Host: field ---

2009-10-12 Thread Ian Zimmerman
A short follow-up: I left a dangling reference [1] in my previous post. Corrected below. And, happily, I was able to work around this by re-numbering my tunnel interfaces from 127.0.*.* to 10.*.*.* . It speaks a little to how sophisticated this "fix" is, IMHO ... [1] the place in the code tha

Bug#530027: cups: Request from "…" using invalid Host: field "…"

2009-10-11 Thread Ian Zimmerman
The reason that ServerAlias * fixes it for some cases but not for others can be seen from the patch that addressed CVE-2009-0164: https://bugzilla.redhat.com/attachment.cgi?id=335489 If you look at the valid_host() function, in the case the connecting address matches 127.*.*.* [1], the ServerAli

Bug#530027: cups: Request from "…" using invalid Host: field "…"

2009-10-07 Thread Ben Finney
package cups found 530027 1.4.1-4 thanks On 23-May-2009, Ben Finney wrote: > On 23-May-2009, Ben Finney wrote: > > Could this be related to the following entry in the Debian > > changelog: > > > > = > > * New upstream security/bug fix release: > > - The scheduler now protects against DN

Bug#530027: cups: Request from "…" using invalid Host: field "…"

2009-07-25 Thread Ben Finney
package cups found 530027 1.3.11-1 thanks On 23-May-2009, Ben Finney wrote: > On 23-May-2009, Ben Finney wrote: > > Could this be related to the following entry in the Debian > > changelog: > > > > = > > * New upstream security/bug fix release: > > - The scheduler now protects against D

Bug#530027: cups: Request from "..." using invalid Host: field "..."

2009-07-10 Thread Martin Weinberg
Same problems here. No luck with ServerAlias *. However, I have found that cups commands will work if I explicitly specify the hostname "localhost", e.g.: # lpstat -a lpstat: Bad Request # lpstat -h localhost -a DeskJet accepting requests since Fri Jul 10 13:00:17 2009 And similarly with all t

Bug#530027: cups: Request from "…" using invalid Host: field "…"

2009-06-02 Thread Ben Finney
package cups found 530027 1.3.10-2 thanks On 23-May-2009, Ben Finney wrote: > On 23-May-2009, Ben Finney wrote: > > Could this be related to the following entry in the Debian > > changelog: > > > > = > > * New upstream security/bug fix release: > > - The scheduler now protects against D

Bug#530027: cups: Request from "…" using invalid Host: field "…"

2009-05-22 Thread Ben Finney
On 23-May-2009, Ben Finney wrote: > Could this be related to the following entry in the Debian changelog: > > = > * New upstream security/bug fix release: > - The scheduler now protects against DNS rebinding attacks. Please note > that this could lead to some regressions. (CVE-2009

Bug#530027: cups: Request from "…" using invalid Host: field "…"

2009-05-22 Thread Ben Finney
Package: cups Version: 1.3.10-1 Severity: important The CUPS server is rejecting all connections. With debug logging output, I see this every second: = D [23/May/2009:09:48:12 +1000] cupsdAcceptClient: 9 from 192.168.5.7:631 (IPv4) D [23/May/2009:09:48:12 +1000] cupsdReadClient: 9 POST / HTTP