Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

cupsys: CUPS allows remote attackers to cause a denial of service

Related Vulnerabilities: CVE-2007-0720  

Source

Debian Bug report logs - #434734
cupsys: CUPS allows remote attackers to cause a denial of service

version graph

Package: cupsys; Maintainer for cupsys is (unknown);

Reported by: Steffen Joeris <white@debian.org>

Date: Thu, 26 Jul 2007 10:27:01 UTC

Severity: important

Tags: security

Found in version cupsys/1.2.12-1

Fixed in version 1.2.7-1

Done: Thijs Kinkhorst <thijs@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>:
Bug#434734; Package cupsys. (full text, mbox, link).

Acknowledgement sent to Steffen Joeris <white@debian.org>:
New Bug report received and forwarded. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Steffen Joeris <white@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: cupsys: CUPS allows remote attackers to cause a denial of service
Date: Thu, 26 Jul 2007 20:24:54 +1000
Package: cupsys
Version: 1.2.12-1
Severity: important
Tags: security

Hi mates

The following CVE[0] exists for cupsys:

The CUPS service on multiple platforms allows remote attackers to cause
a denial of service (service hang) via a "partially-negotiated" SSL
connection, which prevents other requests from being accepted.

Could you please check, if the debian versions are affected?

Cheers
Steffen


[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0720

Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. (full text, mbox, link).

Notification sent to Steffen Joeris <white@debian.org>:
Bug acknowledged by developer. (full text, mbox, link).

Message #10 received at 434734-done@bugs.debian.org (full text, mbox, reply):

From: Thijs Kinkhorst <thijs@debian.org>
To: 434734-done@bugs.debian.org
Subject: Already fixed in etch+
Date: Wed, 29 Aug 2007 01:53:16 +0200
[Message part 1 (text/plain, inline)]
Version: 1.2.7-1

Hi,

This bug has been fixed upstream in the 1.2.7 release, which is in etch, lenny 
and sid already. As the security team has indicated that this is not 
important enough to release a DSA for oldstable for, the issue can be 
considered 'done'.


Thijs

[Message part 2 (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 05 Jul 2010 07:33:08 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:50:23 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started