hplip: CVE-2013-4325

Related Vulnerabilities: CVE-2013-4325  

Debian Bug report logs - #723716
hplip: CVE-2013-4325


Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 19 Sep 2013 06:06:02 UTC

Severity: grave

Tags: patch, security

Found in versions hplip/3.10.6-2, hplip/3.10.6-1

Fixed in versions hplip/3.13.9-1, hplip/3.13.11-1

Done: Mark Purcell <msp@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian HPIJS and HPLIP maintainers <pkg-hpijs-devel@lists.alioth.debian.org>:
Bug#723716; Package hplip. (Thu, 19 Sep 2013 06:06:06 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian HPIJS and HPLIP maintainers <pkg-hpijs-devel@lists.alioth.debian.org>. (Thu, 19 Sep 2013 06:06:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: hplip: CVE-2013-4325
Date: Thu, 19 Sep 2013 07:57:18 +0200
Package: hplip
Severity: grave
Tags: security
Justification: user security hole

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4325 for details
and a patch.

Cheers,
        Moritz



Reply sent to Mark Purcell <msp@debian.org>:
You have taken responsibility. (Sat, 21 Sep 2013 05:36:09 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sat, 21 Sep 2013 05:36:09 GMT)


Message #10 received at 723716-close@bugs.debian.org:

From: Mark Purcell <msp@debian.org>
To: 723716-close@bugs.debian.org
Subject: Bug#723716: fixed in hplip 3.13.9-1
Date: Sat, 21 Sep 2013 05:33:55 +0000
Source: hplip
Source-Version: 3.13.9-1

We believe that the bug you reported is fixed in the latest version of
hplip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 723716@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell <msp@debian.org> (supplier of updated hplip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 21 Sep 2013 08:24:35 +1000
Source: hplip
Binary: hplip hplip-data printer-driver-postscript-hp hplip-gui hplip-dbg hplip-doc hpijs-ppds printer-driver-hpijs printer-driver-hpcups libhpmud0 libhpmud-dev libsane-hpaio
Architecture: source i386 all
Version: 3.13.9-1
Distribution: unstable
Urgency: medium
Maintainer: Debian HPIJS and HPLIP maintainers <pkg-hpijs-devel@lists.alioth.debian.org>
Changed-By: Mark Purcell <msp@debian.org>
Description: 
 hpijs-ppds - HP Linux Printing and Imaging - HPIJS PPD files
 hplip      - HP Linux Printing and Imaging System (HPLIP)
 hplip-data - HP Linux Printing and Imaging - data files
 hplip-dbg  - HP Linux Printing and Imaging - debugging information
 hplip-doc  - HP Linux Printing and Imaging - documentation
 hplip-gui  - HP Linux Printing and Imaging - GUI utilities (Qt-based)
 libhpmud-dev - HP Multi-Point Transport Driver (hpmud) development libraries
 libhpmud0  - HP Multi-Point Transport Driver (hpmud) run-time libraries
 libsane-hpaio - HP SANE backend for multi-function peripherals
 printer-driver-hpcups - HP Linux Printing and Imaging - CUPS Raster driver (hpcups)
 printer-driver-hpijs - HP Linux Printing and Imaging - printer driver (hpijs)
 printer-driver-postscript-hp - HP Printers PostScript Descriptions
Closes: 722695 723716
Changes: 
 hplip (3.13.9-1) unstable; urgency=medium
 .
   * New upstream release
   * Fix CVE-2013-4325 hplip: Insecure calling of polkit
     - Apply Redhat patch (Closes: #723716)
     - Urgency medium
   * Fix "Rebuild against pyppd 1.0.1" patch from OdyX (Closes: #722695)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlI9JNIACgkQoCzanz0IthLF/wCfQ0ggtyjeJIhrq2/JP4boziIG
6+kAmwSYW/CpJWj7yVGCZD/LYcocm1XB
=ARGD
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Debian HPIJS and HPLIP maintainers <pkg-hpijs-devel@lists.alioth.debian.org>:
Bug#723716; Package hplip. (Mon, 14 Oct 2013 14:15:05 GMT)


Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian HPIJS and HPLIP maintainers <pkg-hpijs-devel@lists.alioth.debian.org>. (Mon, 14 Oct 2013 14:15:05 GMT)


Message #15 received at 723716@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: 723716@bugs.debian.org
Subject: Re: Bug#723716: hplip: CVE-2013-4325
Date: Mon, 14 Oct 2013 16:10:00 +0200
Control: tag -1 patch
Control: found -1 3.10.6-2

Hi,

Could you also please prepare fixed packages targeting old/stable for a DSA?
Once prepared please send the debdiff to team@security.d.o to
coordinate their upload and release.

Thanks in advance,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net



Added tag(s) patch. Request was from Raphael Geissert <geissert@debian.org> to 723716-submit@bugs.debian.org. (Mon, 14 Oct 2013 14:15:05 GMT)


Marked as found in versions hplip/3.10.6-2. Request was from Raphael Geissert <geissert@debian.org> to 723716-submit@bugs.debian.org. (Mon, 14 Oct 2013 14:15:06 GMT)


Marked as found in versions hplip/3.10.6-1. Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Tue, 05 Nov 2013 02:30:20 GMT)


Reply sent to Mark Purcell <msp@debian.org>:
You have taken responsibility. (Tue, 10 Dec 2013 19:51:05 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Tue, 10 Dec 2013 19:51:05 GMT)


Message #26 received at 723716-close@bugs.debian.org:

From: Mark Purcell <msp@debian.org>
To: 723716-close@bugs.debian.org
Subject: Bug#723716: fixed in hplip 3.13.11-1
Date: Tue, 10 Dec 2013 19:49:10 +0000
Source: hplip
Source-Version: 3.13.11-1

We believe that the bug you reported is fixed in the latest version of
hplip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 723716@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell <msp@debian.org> (supplier of updated hplip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 11 Dec 2013 06:12:48 +1100
Source: hplip
Binary: hplip hplip-data printer-driver-postscript-hp hplip-gui hplip-dbg hplip-doc hpijs-ppds printer-driver-hpijs printer-driver-hpcups libhpmud0 libhpmud-dev libsane-hpaio
Architecture: source i386 all
Version: 3.13.11-1
Distribution: unstable
Urgency: low
Maintainer: Debian HPIJS and HPLIP maintainers <pkg-hpijs-devel@lists.alioth.debian.org>
Changed-By: Mark Purcell <msp@debian.org>
Description: 
 hpijs-ppds - HP Linux Printing and Imaging - HPIJS PPD files
 hplip      - HP Linux Printing and Imaging System (HPLIP)
 hplip-data - HP Linux Printing and Imaging - data files
 hplip-dbg  - HP Linux Printing and Imaging - debugging information
 hplip-doc  - HP Linux Printing and Imaging - documentation
 hplip-gui  - HP Linux Printing and Imaging - GUI utilities (Qt-based)
 libhpmud-dev - HP Multi-Point Transport Driver (hpmud) development libraries
 libhpmud0  - HP Multi-Point Transport Driver (hpmud) run-time libraries
 libsane-hpaio - HP SANE backend for multi-function peripherals
 printer-driver-hpcups - HP Linux Printing and Imaging - CUPS Raster driver (hpcups)
 printer-driver-hpijs - HP Linux Printing and Imaging - printer driver (hpijs)
 printer-driver-postscript-hp - HP Printers PostScript Descriptions
Closes: 723716
Changes: 
 hplip (3.13.11-1) unstable; urgency=low
 .
   * New upstream release
     - Includes fix for CVE-2013-4325:Insecure Polkit use (Closes: #723716)
     - Drop debian/patches/CVE-2013-4325.patch
     - hp-mkuri no longer ships
   * Drop hp-mkuri-take-into-account-already-installed-plugin-also-for-
     exit-value.dpatch & ubuntu-hp-mkuri-notification-text.dpatch
   * quilt refresh
   * hplip-doc.install -> hplip-doc.docs

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlKnacwACgkQoCzanz0IthIBYQCfY9xd4PDlU/XUxuxSA9+yGsiv
tRMAmgL/Z272Hr0rVewNMAgm92bMqfE2
=dvwG
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 May 2015 07:34:59 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:03:21 2019; Machine Name: beach
