Debian Bug report logs -
#434734
cupsys: CUPS allows remote attackers to cause a denial of service
Reported by: Steffen Joeris <white@debian.org>
Date: Thu, 26 Jul 2007 10:27:01 UTC
Severity: important
Tags: security
Found in version cupsys/1.2.12-1
Fixed in version 1.2.7-1
Done: Thijs Kinkhorst <thijs@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
:
Bug#434734
; Package cupsys
.
(full text, mbox, link).
Acknowledgement sent to Steffen Joeris <white@debian.org>
:
New Bug report received and forwarded. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: cupsys
Version: 1.2.12-1
Severity: important
Tags: security
Hi mates
The following CVE[0] exists for cupsys:
The CUPS service on multiple platforms allows remote attackers to cause
a denial of service (service hang) via a "partially-negotiated" SSL
connection, which prevents other requests from being accepted.
Could you please check, if the debian versions are affected?
Cheers
Steffen
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0720
Reply sent to Thijs Kinkhorst <thijs@debian.org>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Steffen Joeris <white@debian.org>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #10 received at 434734-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version: 1.2.7-1
Hi,
This bug has been fixed upstream in the 1.2.7 release, which is in etch, lenny
and sid already. As the security team has indicated that this is not
important enough to release a DSA for oldstable for, the issue can be
considered 'done'.
Thijs
[Message part 2 (application/pgp-signature, inline)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Mon, 05 Jul 2010 07:33:08 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:50:23 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.