Debian Bug report logs - #778387
cups: CVE-2014-9679
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sat, 14 Feb 2015 13:27:02 UTC
Severity: grave
Tags: fixed-upstream, security, upstream
Found in versions cups/1.5.3-5, cups/1.7.5-10
Fixed in versions cups/2.0.2-1, 2.0.2-1, cups/1.7.5-11, cups/1.5.3-5+deb7u5
Done: Didier Raboud <odyx@debian.org>
Bug is archived. No further changes may be made.
Forwarded to https://www.cups.org/str.php?L4551
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Printing Team <debian-printing@lists.debian.org>: Bug#778387; Package cups. (Sat, 14 Feb 2015 13:27:07 GMT)
Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Printing Team <debian-printing@lists.debian.org>. (Sat, 14 Feb 2015 13:27:07 GMT)
Message #5 received at submit@bugs.debian.org:
Package: cups
Severity: grave
Tags: security
This was assigned CVE-2014-9679 and is fixed in experimental
already: https://www.cups.org/str.php?L4551
Cheers,
Moritz
Changed Bug title to 'cups: CVE-2014-9679' from 'CVE-2014-9679'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 14 Feb 2015 16:51:13 GMT)
Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 14 Feb 2015 16:51:13 GMT)
Marked as found in versions cups/1.7.5-10. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 14 Feb 2015 16:51:14 GMT)
Marked as fixed in versions cups/2.0.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 14 Feb 2015 16:51:15 GMT)
Marked as found in versions cups/1.5.3-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 14 Feb 2015 16:57:04 GMT)
Reply sent to Didier 'OdyX' Raboud <odyx@debian.org>: You have taken responsibility. (Mon, 16 Feb 2015 09:03:14 GMT)
Notification sent to Moritz Muehlenhoff <jmm@debian.org>: Bug acknowledged by developer. (Mon, 16 Feb 2015 09:03:14 GMT)
Message #22 received at 778387-done@bugs.debian.org:
Version: 2.0.2-1
Control: tags -1 +patch
Hi Moritz, and thanks for the heads-up.
On Saturday, 14 February 2015 14.24:43, you wrote:
> This was assigned CVE-2014-9679 and is fixed in experimental
> already: https://www.cups.org/str.php?L4551
Here would be the patch for wheezy-security, can I upload? I'll upload
to unstable straight away with the same patch.
Cheers,
OdyX
Reply sent to Didier Raboud <odyx@debian.org>: You have taken responsibility. (Mon, 16 Feb 2015 15:36:14 GMT)
Notification sent to Moritz Muehlenhoff <jmm@debian.org>: Bug acknowledged by developer. (Mon, 16 Feb 2015 15:36:14 GMT)
Message #27 received at 778387-close@bugs.debian.org:
Source: cups
Source-Version: 1.7.5-11
We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 778387@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated cups package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 16 Feb 2015 08:19:17 +0100
Source: cups
Binary: libcups2 libcupsimage2 libcupscgi1 libcupsmime1 libcupsppdc1 cups cups-core-drivers cups-daemon cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common cups-server-common cups-ppdc cups-dbg
Architecture: source all
Version: 1.7.5-11
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Description:
cups - Common UNIX Printing System(tm) - PPD/driver support, web interfa
cups-bsd - Common UNIX Printing System(tm) - BSD commands
cups-client - Common UNIX Printing System(tm) - client programs (SysV)
cups-common - Common UNIX Printing System(tm) - common files
cups-core-drivers - Common UNIX Printing System(tm) - PPD-less printing
cups-daemon - Common UNIX Printing System(tm) - daemon
cups-dbg - Common UNIX Printing System(tm) - debugging symbols
cups-ppdc - Common UNIX Printing System(tm) - PPD manipulation utilities
cups-server-common - Common UNIX Printing System(tm) - server common files
libcups2 - Common UNIX Printing System(tm) - Core library
libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library
libcupscgi1 - Common UNIX Printing System(tm) - CGI library
libcupscgi1-dev - Common UNIX Printing System(tm) - Development files for CGI libra
libcupsimage2 - Common UNIX Printing System(tm) - Raster image library
libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li
libcupsmime1 - Common UNIX Printing System(tm) - MIME library
libcupsmime1-dev - Common UNIX Printing System(tm) - Development files MIME library
libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library
libcupsppdc1-dev - Common UNIX Printing System(tm) - Development files PPD library
Closes: 778387
Changes:
cups (1.7.5-11) unstable; urgency=medium
.
* Backport upstream patch to fix cupsRasterReadPixels buffer overflow with
invalid page header and compressed raster data
(STR: #4551, Closes: #778387)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Printing Team <debian-printing@lists.debian.org>: Bug#778387; Package cups. (Mon, 23 Feb 2015 11:03:13 GMT)
Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Printing Team <debian-printing@lists.debian.org>. (Mon, 23 Feb 2015 11:03:13 GMT)
Message #32 received at 778387@bugs.debian.org:
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Squeeze version of your package:
https://security-tracker.debian.org/tracker/CVE-2014-9679
Would you like to take care of this yourself?
If yes, please follow the workflow we have defined here:
http://wiki.debian.org/LTS/Development
If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with a URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.
If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Raphaël Hertzog,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Printing Team <debian-printing@lists.debian.org>: Bug#778387; Package cups. (Mon, 23 Feb 2015 17:42:05 GMT)
Acknowledgement sent to pkg-cups-devel@lists.alioth.debian.org: Extra info received and forwarded to list. Copy sent to Debian Printing Team <debian-printing@lists.debian.org>. (Mon, 23 Feb 2015 17:42:05 GMT)
Message #37 received at 778387@bugs.debian.org:
Hi,
On Monday, 23 February 2015, 11.58:33 Raphael Hertzog wrote:
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of your package:
> https://security-tracker.debian.org/tracker/CVE-2014-9679
>
> Would you like to take care of this yourself?
>
> If yes, please follow the workflow we have defined here:
> http://wiki.debian.org/LTS/Development
I will, but keep in mind that we're still discussing the Wheezy patch
with the security team, so I'd like to get that fixed too (ideally
first).
That said, the part from the upstream patch that we're discussing
doesn't apply to Squeeze(-LTS), so we might as well upload the patch
as-is.
Proposed debdiff attached.
Cheers
OdyX
[s.ddiff (text/x-patch, attachment)]
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Printing Team <debian-printing@lists.debian.org>: Bug#778387; Package cups. (Fri, 27 Feb 2015 03:21:04 GMT)
Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>: Extra info received and forwarded to list. Copy sent to Debian Printing Team <debian-printing@lists.debian.org>. (Fri, 27 Feb 2015 03:21:04 GMT)
Message #42 received at 778387@bugs.debian.org:
On Mon, 2015-02-23 at 18:38 +0100, Didier 'OdyX' Raboud wrote:
> Hi,
>
> On Monday, 23 February 2015, 11.58:33 Raphael Hertzog wrote:
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of your package:
> > https://security-tracker.debian.org/tracker/CVE-2014-9679
> >
> > Would you like to take care of this yourself?
> >
> > If yes, please follow the workflow we have defined here:
> > http://wiki.debian.org/LTS/Development
>
> I will, but keep in mind that we're still discussing the Wheezy patch
> with the security team, so I'd like to get that fixed too (ideally
> first).
>
> That said, the part from the upstream patch that we're discussing
> doesn't apply to Squeeze(-LTS), so we might as well upload the patch
> as-is.
>
> Proposed debdiff attached.
This does not fix the bug!
Ben.
--
Ben Hutchings
It is easier to write an incorrect program than to understand a correct one.
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Printing Team <debian-printing@lists.debian.org>: Bug#778387; Package cups. (Fri, 27 Feb 2015 04:42:05 GMT)
Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>: Extra info received and forwarded to list. Copy sent to Debian Printing Team <debian-printing@lists.debian.org>. (Fri, 27 Feb 2015 04:42:05 GMT)
Message #47 received at 778387@bugs.debian.org:
On Fri, 2015-02-27 at 03:17 +0000, Ben Hutchings wrote:
> On Mon, 2015-02-23 at 18:38 +0100, Didier 'OdyX' Raboud wrote:
> > Hi,
> >
> > On Monday, 23 February 2015, 11.58:33 Raphael Hertzog wrote:
> > > the Debian LTS team would like to fix the security issues which are
> > > currently open in the Squeeze version of your package:
> > > https://security-tracker.debian.org/tracker/CVE-2014-9679
> > >
> > > Would you like to take care of this yourself?
> > >
> > > If yes, please follow the workflow we have defined here:
> > > http://wiki.debian.org/LTS/Development
> >
> > I will, but keep in mind that we're still discussing the Wheezy patch
> > with the security team, so I'd like to get that fixed too (ideally
> > first).
> >
> > That said, the part from the upstream patch that we're discussing
> > doesn't apply to Squeeze(-LTS), so we might as well upload the patch
> > as-is.
> >
> > Proposed debdiff attached.
>
> This does not fix the bug!
I cherry-picked git commit 6c087a72a0708bcb7929955c75770ee364755c42
("Add some range checking (probably more to come) to avoid divide-by-0
errors."), after which the critical hunk of the patch for CVE-2014-9679
applied cleanly. With Didier's original patch,
zcat bogus.raster.gz | rastertohp foo bar baz 1 ''
still crashes (segmentation fault). With the two patches applied, it
fails cleanly (no pages found). I was still able to print a test page
(though I'm not certain that this uses the raster filter code in my
configuration).
So I've uploaded with those two patches applied.
Ben.
--
Ben Hutchings
It is easier to write an incorrect program than to understand a correct one.
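The check described in the message above (segmentation fault with the first patch alone, clean failure with both) can be scripted so that a backport is tested against the sample before upload. This is an added example, not part of the thread or of CUPS; the function names and verdict strings are assumptions, and the usage comment reuses the command quoted in the message.

```shell
#!/bin/sh
# Added example (not from the bug thread): tell a crash apart from a clean
# failure when a filter is fed a malformed sample on stdin.

# classify_status STATUS
# Map a shell exit status to a verdict string (names are this example's own).
classify_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo "OK"
    elif [ "$status" -eq 126 ] || [ "$status" -eq 127 ]; then
        # Not executable / not found: the filter never ran, so this must
        # not be mistaken for "fails cleanly".
        echo "NOT_RUN:$status"
    elif [ "$status" -gt 128 ]; then
        # The shell reports death by signal N as 128+N (SIGSEGV -> 139).
        # Assumption: the filter itself never exits with a code above 128.
        echo "CRASH:signal-$((status - 128))"
    else
        echo "CLEAN_FAIL:$status"
    fi
}

# run_sample SAMPLE CMD [ARGS...]
# Feed SAMPLE to CMD on stdin (decompressing *.gz first) and print the verdict.
# "|| status=$?" keeps the function usable under "set -e".
run_sample() {
    sample=$1
    shift
    status=0
    case $sample in
        *.gz) gzip -dc -- "$sample" | "$@" >/dev/null 2>&1 || status=$? ;;
        *)    "$@" <"$sample" >/dev/null 2>&1 || status=$? ;;
    esac
    classify_status "$status"
}

# check_backport SAMPLE CMD [ARGS...]
# Print the verdict; succeed only if the filter ran and was not killed by a
# signal, i.e. it either accepted the input or rejected it cleanly.
check_backport() {
    verdict=$(run_sample "$@")
    echo "$verdict"
    case $verdict in
        CRASH:*|NOT_RUN:*) return 1 ;;
    esac
    return 0
}

# Usage with the command from the message, run once per build under test:
#   check_backport bogus.raster.gz rastertohp foo bar baz 1 ''
```

Run it against the build with one patch and again with both; only the second should return success with a `CLEAN_FAIL` verdict.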
Reply sent to Didier Raboud <odyx@debian.org>: You have taken responsibility. (Sat, 28 Feb 2015 18:06:43 GMT)
Notification sent to Moritz Muehlenhoff <jmm@debian.org>: Bug acknowledged by developer. (Sat, 28 Feb 2015 18:06:43 GMT)
Message #52 received at 778387-close@bugs.debian.org:
Source: cups
Source-Version: 1.5.3-5+deb7u5
We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 778387@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated cups package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 17 Feb 2015 08:24:04 +0100
Source: cups
Binary: libcups2 libcupsimage2 libcupscgi1 libcupsdriver1 libcupsmime1 libcupsppdc1 cups cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev libcupsdriver1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common cups-ppdc cups-dbg cupsddk
Architecture: source all amd64
Version: 1.5.3-5+deb7u5
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Description:
cups - Common UNIX Printing System(tm) - server
cups-bsd - Common UNIX Printing System(tm) - BSD commands
cups-client - Common UNIX Printing System(tm) - client programs (SysV)
cups-common - Common UNIX Printing System(tm) - common files
cups-dbg - Common UNIX Printing System(tm) - debugging symbols
cups-ppdc - Common UNIX Printing System(tm) - PPD manipulation utilities
cupsddk - Common UNIX Printing System (transitional package)
libcups2 - Common UNIX Printing System(tm) - Core library
libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library
libcupscgi1 - Common UNIX Printing System(tm) - CGI library
libcupscgi1-dev - Common UNIX Printing System(tm) - Development files for CGI libra
libcupsdriver1 - Common UNIX Printing System(tm) - Driver library
libcupsdriver1-dev - Common UNIX Printing System(tm) - Development files driver librar
libcupsimage2 - Common UNIX Printing System(tm) - Raster image library
libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li
libcupsmime1 - Common UNIX Printing System(tm) - MIME library
libcupsmime1-dev - Common UNIX Printing System(tm) - Development files MIME library
libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library
libcupsppdc1-dev - Common UNIX Printing System(tm) - Development files PPD library
Closes: 778387
Changes:
cups (1.5.3-5+deb7u5) wheezy-security; urgency=high
.
* Backport upstream patch to fix cupsRasterReadPixels buffer overflow with
invalid page header and compressed raster data
(CVE-2014-9679, STR: #4551, Closes: #778387)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Printing Team <debian-printing@lists.debian.org>: Bug#778387; Package cups. (Wed, 04 Mar 2015 21:27:12 GMT)
Acknowledgement sent to Didier 'OdyX' Raboud <odyx@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Printing Team <debian-printing@lists.debian.org>. (Wed, 04 Mar 2015 21:27:12 GMT)
Message #57 received at 778387@bugs.debian.org:
On Friday, 27 February 2015, 04.39:08 Ben Hutchings wrote:
> On Fri, 2015-02-27 at 03:17 +0000, Ben Hutchings wrote:
> > This does not fix the bug!
>
> I cherry-picked git commit 6c087a72a0708bcb7929955c75770ee364755c42
> ("Add some range checking (probably more to come) to avoid divide-by-0
> errors."), after which the critical hunk of the patch for
> CVE-2014-9679 applied cleanly. With Didier's original patch,
>
> zcat bogus.raster.gz | rastertohp foo bar baz 1 ''
>
> still crashes (segmentation fault). With the two patches applied, it
> fails cleanly (no pages found). I was still able to print a test page
> (though I'm not certain that this uses the raster filter code in my
> configuration).
>
> So I've uploaded with those two patches applied.
Thanks! I've now updated the VCS with your patches.
http://anonscm.debian.org/cgit/printing/cups.git/log/?h=master-squeeze-lts
OdyX
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 May 2015 08:07:28 GMT)
Last modified: Wed Jun 19 15:44:17 2019