[ubuntu/dapper-security] cupsys (delayed), cupsys 1.2.2-0ubuntu0.6.06.19 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Jun 21 18:05:39 BST 2010


cupsys (1.2.2-0ubuntu0.6.06.19) dapper-security; urgency=low

  * SECURITY UPDATE: cross-site request forgery in admin interface
    - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
      to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c,
      cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c,
      templates/*.tmpl.
    - CVE-2010-0540
  * SECURITY UPDATE: denial of service or arbitrary code execution in
    texttops image filter
    - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
      filter/texttops.c.
    - CVE-2010-0542
  * SECURITY UPDATE: web interface memory disclosure
    - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
    - CVE-2010-1748
  * SECURITY UPDATE: file overwrite vulnerability
    - debian/patches/security-str3510.dpatch: introduce cups_open() in
      cups/file.c and use to make sure hard-linked or symlinked files don't
      get overwritten as root.
    - No CVE number

Date: Fri, 18 Jun 2010 10:37:35 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Debian CUPS Maintainers <pkg-cups-devel at lists.alioth.debian.org>
https://launchpad.net/ubuntu/dapper/+source/cupsys/1.2.2-0ubuntu0.6.06.19
-------------- next part --------------
Format: 1.7
Date: Fri, 18 Jun 2010 10:37:35 -0400
Source: cupsys
Binary: cupsys-bsd libcupsys2-dev libcupsys2 cupsys libcupsys2-gnutls10 libcupsimage2-dev libcupsimage2 cupsys-client
Architecture: source
Version: 1.2.2-0ubuntu0.6.06.19
Distribution: dapper-security
Urgency: low
Maintainer: Debian CUPS Maintainers <pkg-cups-devel at lists.alioth.debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
 libcupsys2-gnutls10 - Common UNIX Printing System(tm) - dummy libs for transition
Changes: 
 cupsys (1.2.2-0ubuntu0.6.06.19) dapper-security; urgency=low
 .
   * SECURITY UPDATE: cross-site request forgery in admin interface
     - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
       to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c,
       cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c,
       templates/*.tmpl.
     - CVE-2010-0540
   * SECURITY UPDATE: denial of service or arbitrary code execution in
     texttops image filter
     - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
       filter/texttops.c.
     - CVE-2010-0542
   * SECURITY UPDATE: web interface memory disclosure
     - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
     - CVE-2010-1748
   * SECURITY UPDATE: file overwrite vulnerability
     - debian/patches/security-str3510.dpatch: introduce cups_open() in
       cups/file.c and use to make sure hard-linked or symlinked files don't
       get overwritten as root.
     - No CVE number
Files: 
 177a2f8e4a29a35ea13fd51256f1380f 1061 net optional cupsys_1.2.2-0ubuntu0.6.06.19.dsc
 005b2e259ee2bc9aeb334d3b2ca51faa 115313 net optional cupsys_1.2.2-0ubuntu0.6.06.19.diff.gz

