Launchpad has imported 9 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=473901.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help
** Changed in: cups (Ubuntu)
Assignee: Martin Pitt (pitti) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/298241
Title:
Apple CUPS Daemon: unauthenticated SIGSEGV crash via RSS s
** Branch linked: lp:ubuntu/intrepid-security/cups
--
Apple CUPS Daemon: unauthenticated SIGSEGV crash via RSS subscriptions
https://bugs.launchpad.net/bugs/298241
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing l
** Changed in: cups (Debian)
Status: Unknown => Fix Released
--
Apple CUPS Daemon: unauthenticated SIGSEGV crash via RSS subscriptions
https://bugs.launchpad.net/bugs/298241
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubun
This issue was fixed for Dapper, Gutsy, Hardy and Intrepid by:
http://www.ubuntu.com/usn/usn-707-1
** Changed in: cups (Ubuntu Gutsy)
Status: Triaged => Fix Released
** Changed in: cups (Ubuntu Hardy)
Status: Triaged => Fix Released
--
Apple CUPS Daemon: unauthenticated SIGSEGV c
** Changed in: cups (Fedora)
Status: Unknown => Confirmed
--
Apple CUPS Daemon: unauthenticated SIGSEGV crash via RSS subscriptions
https://bugs.launchpad.net/bugs/298241
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-
RedHat has a patch for CVE-2008-5183, linked bug.
** Bug watch added: Red Hat Bugzilla #473901
https://bugzilla.redhat.com/show_bug.cgi?id=473901
** Also affects: cups (Fedora) via
https://bugzilla.redhat.com/show_bug.cgi?id=473901
Importance: Unknown
Status: Unknown
--
Apple CU
http://www.cups.org/str.php?L2774 has a patch for CVE-2008-5184.
CVE-2008-5183 is not fixed anywhere, not even latest upstream. However,
it is just an authenticated local DoS, and thus very low-priority.
** Changed in: cups (Ubuntu Gutsy)
Status: New => Triaged
** Changed in: cups (Ubuntu
This is fixed in >= 1.3.8 and only affects >= 1.3, thus it is not an
issue for intrepid, jaunty, and dapper.
** Changed in: cups (Ubuntu)
Status: In Progress => Fix Released
--
Apple CUPS Daemon: unauthenticated SIGSEGV crash via RSS subscriptions
https://bugs.launchpad.net/bugs/298241
Yo
Is CVE-2008-5183 fixed upstream yet?
--
Apple CUPS Daemon: unauthenticated SIGSEGV crash via RSS subscriptions
https://bugs.launchpad.net/bugs/298241
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bug
CVE-2008-5183
CVE-2008-5184
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5183
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5184
--
Apple CUPS Daemon: unauthenticated SIGSEGV crash via RSS subscriptions
https://bugs.launchpad.net/bugs/298241
You
@Martin: check out the comments on http://www.gnucitizen.org/blog
/pwning-ubuntu-via-cups/
someone figured out why ubuntu hardy does NOT require auth to add rss
subscriptions (cupsd dies completely when visiting "evil" page), whereas
ubuntu intrepid DOES require auth.
copied and pasted:
"
TH res
I'll deal with the jaunty/Debian update. I was fairly sure that
http://www.cups.org/strfiles/2774/str2774.patch fixed it (in cups
1.3.8), I just get a live-locked browser (tons of message boxes), but
cupsd stays alive. I followed up to the Debian bug.
** Bug watch added: Debian Bug tracker #506180
** Also affects: cups (openSUSE)
Importance: Undecided
Status: New
--
Apple CUPS Daemon: unauthenticated SIGSEGV crash via RSS subscriptions
https://bugs.launchpad.net/bugs/298241
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
More info here: http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/
--
Apple CUPS Daemon: unauthenticated SIGSEGV crash via RSS subscriptions
https://bugs.launchpad.net/bugs/298241
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
u
no problem. thanks!
On Wed, Nov 19, 2008 at 6:59 PM, Kees Cook <[EMAIL PROTECTED]> wrote:
> ** Visibility changed to: Public
>
> --
> Apple CUPS Daemon: unauthenticated SIGSEGV crash via RSS subscriptions
> https://bugs.launchpad.net/bugs/298241
> You received this bug notification because you are
** Visibility changed to: Public
--
Apple CUPS Daemon: unauthenticated SIGSEGV crash via RSS subscriptions
https://bugs.launchpad.net/bugs/298241
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@li
17 matches
Mail list logo