cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696)

Related Vulnerabilities: CVE-2019-8675, CVE-2019-8696

Debian Bug report logs - #934957


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 17 Aug 2019 09:39:02 UTC

Severity: grave

Tags: security, upstream

Found in version cups/2.2.10-6

Fixed in version cups/2.2.12-1

Done: Didier Raboud <odyx@debian.org>



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian Printing Team <debian-printing@lists.debian.org>:
Bug#934957; Package src:cups. (Sat, 17 Aug 2019 09:39:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian Printing Team <debian-printing@lists.debian.org>. (Sat, 17 Aug 2019 09:39:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696)
Date: Sat, 17 Aug 2019 11:34:01 +0200
Source: cups
Version: 2.2.10-6
Severity: grave
Tags: security upstream
Justification: user security hole

Hi

Filing for tracking. The recent 2.2.12[1] release includes fixes for
several security issues, two of those got CVEs and are related to SNMP
buffer overflows. [2] includes all those.

Regards,
Salvatore

 [1] https://github.com/apple/cups/releases/tag/v2.2.12
 [2] https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109



Reply sent to Didier Raboud <odyx@debian.org>:
You have taken responsibility. (Sat, 17 Aug 2019 15:30:08 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 17 Aug 2019 15:30:09 GMT)


Message #10 received at 934957-close@bugs.debian.org:

From: Didier Raboud <odyx@debian.org>
To: 934957-close@bugs.debian.org
Subject: Bug#934957: fixed in cups 2.2.12-1
Date: Sat, 17 Aug 2019 15:27:37 +0000
Source: cups
Source-Version: 2.2.12-1

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 934957@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 17 Aug 2019 15:51:30 +0200
Source: cups
Architecture: source
Version: 2.2.12-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Closes: 933985 934957
Changes:
 cups (2.2.12-1) unstable; urgency=medium
 .
   * New 2.2.12 upstream release
     - CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows
       (Closes: #934957)
 .
   * Remove 11 backported patches
   * Fix CVE-2018-4{7,8}00 typo retrospectively in d/changelog
     (Closes: #933985)
   * Refresh debian/gitlab-ci.yml
   * Refresh manpage translations






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Aug 18 09:35:29 2019; Machine Name: beach
