cups (1.4.3-1ubuntu1.2) lucid-security; urgency=low * SECURITY UPDATE: cross-site request forgery in admin interface - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token to cgi-bin/cgi.h, cgi-bin/libcupscgi.exp, cgi-bin/template.c, cgi-bin/var.c, templates/*.tmpl. - CVE-2010-0540 * SECURITY UPDATE: denial of service or arbitrary code execution in texttops image filter - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in filter/texttops.c. - CVE-2010-0542 * SECURITY UPDATE: web interface memory disclosure - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c. - CVE-2010-1748 * SECURITY UPDATE: file overwrite vulnerability - debian/patches/security-str3510.dpatch: introduce cups_open() in cups/file.c and use to make sure hard-linked or symlinked files don't get overwritten as root. - No CVE number * debian/libcupscgi1.symbols: Add new symbols
Date: Fri, 18 Jun 2010 09:20:00 -0400 Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com> https://launchpad.net/ubuntu/lucid/+source/cups/1.4.3-1ubuntu1.2
Format: 1.8 Date: Fri, 18 Jun 2010 09:20:00 -0400 Source: cups Binary: libcups2 libcupsimage2 libcupscgi1 libcupsdriver1 libcupsmime1 libcupsppdc1 cups cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev libcupsdriver1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common cups-ppdc cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd cupsys-dbg cupsddk Architecture: source Version: 1.4.3-1ubuntu1.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Description: cups - Common UNIX Printing System(tm) - server cups-bsd - Common UNIX Printing System(tm) - BSD commands cups-client - Common UNIX Printing System(tm) - client programs (SysV) cups-common - Common UNIX Printing System(tm) - common files cups-dbg - Common UNIX Printing System(tm) - debugging symbols cups-ppdc - Common UNIX Printing System(tm) - PPD manipulation utilities cupsddk - Common UNIX Printing System (transitional package) cupsys - Common UNIX Printing System (transitional package) cupsys-bsd - Common UNIX Printing System (transitional package) cupsys-client - Common UNIX Printing System (transitional package) cupsys-common - Common UNIX Printing System (transitional package) cupsys-dbg - Common UNIX Printing System (transitional package) libcups2 - Common UNIX Printing System(tm) - Core library libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library libcupscgi1 - Common UNIX Printing System(tm) - CGI library libcupscgi1-dev - Common UNIX Printing System(tm) - Development files for CGI libra libcupsdriver1 - Common UNIX Printing System(tm) - Driver library libcupsdriver1-dev - Common UNIX Printing System(tm) - Development files driver librar libcupsimage2 - Common UNIX Printing System(tm) - Raster image library libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li libcupsmime1 - Common UNIX Printing System(tm) - MIME library libcupsmime1-dev - Common UNIX Printing System(tm) - Development files MIME library libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library libcupsppdc1-dev - Common UNIX Printing System(tm) - Development files PPD library Changes: cups (1.4.3-1ubuntu1.2) lucid-security; urgency=low . * SECURITY UPDATE: cross-site request forgery in admin interface - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token to cgi-bin/cgi.h, cgi-bin/libcupscgi.exp, cgi-bin/template.c, cgi-bin/var.c, templates/*.tmpl. - CVE-2010-0540 * SECURITY UPDATE: denial of service or arbitrary code execution in texttops image filter - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in filter/texttops.c. - CVE-2010-0542 * SECURITY UPDATE: web interface memory disclosure - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c. - CVE-2010-1748 * SECURITY UPDATE: file overwrite vulnerability - debian/patches/security-str3510.dpatch: introduce cups_open() in cups/file.c and use to make sure hard-linked or symlinked files don't get overwritten as root. - No CVE number * debian/libcupscgi1.symbols: Add new symbols Checksums-Sha1: 4afb2433b3c5a31158281ff918ae025de2c634e1 2273 cups_1.4.3-1ubuntu1.2.dsc 658d598694e60ba7afb0a7fe950316e1fb4ce925 496671 cups_1.4.3-1ubuntu1.2.diff.gz Checksums-Sha256: f2eba792a1c5bd8b93025c1bfbaf66cc5e2d30412733f8a05d22d85ec868a374 2273 cups_1.4.3-1ubuntu1.2.dsc eab994a5e49c129dc57ce31e7050a6bf0f0cf2571ad1d4c99d504c555e5a8277 496671 cups_1.4.3-1ubuntu1.2.diff.gz Files: 167a7ea0e055786fe2e5f74c03b92294 2273 net optional cups_1.4.3-1ubuntu1.2.dsc 585b5a839d9ec546a9534330a76c0964 496671 net optional cups_1.4.3-1ubuntu1.2.diff.gz Original-Maintainer: Debian CUPS Maintainers <pkg-cups-de...@lists.alioth.debian.org>
-- Lucid-changes mailing list Lucid-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lucid-changes