[ubuntu/hardy-security] cupsys_1.3.7-1ubuntu3.1_amd64_translations.tar.gz, cupsys_1.3.7-1ubuntu3.1_powerpc_translations.tar.gz, cupsys_1.3.7-1ubuntu3.1_ia64_translations.tar.gz, cupsys_1.3.7-1ubuntu3.1_hppa_translations.tar.gz, cupsys_1.3.7-1ubuntu3.1_lpia_translations.tar.gz, cupsys, cupsys_1.3.7-1ubuntu3.1_i386_translations.tar.gz, cupsys_1.3.7-1ubuntu3.1_sparc_translations.tar.gz 1.3.7-1ubuntu3.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Oct 15 21:56:53 BST 2008


cupsys (1.3.7-1ubuntu3.1) hardy-security; urgency=low

  * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in
    the SGI filter
    - debian/patches/CVE-2008-3639_sgi_filter_overflow.dpatch: adjust
      filter/image-sgilib.c to properly check for xsize. Taken from Debian
      patch by Martin Pitt.
    - STR #2918
    - CVE-2008-3639
  * SECURITY UPDATE: integer overflow in texttops filter which could lead
    to heap-based overflow
    - debian/patches/CVE-2008-3640_texttops_overflow.dpatch: adjust
      textcommon.c and texttops.c to check for too large or negative page
      metrics. Taken from Debian patch by Martin Pitt.
    - STR #2919
    - CVE-2008-3640
  * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to
    arbitrary code execution
    - debian/patches/CVE-2008-3641_hpgl_filter_overflow.dpatch: adjust
      hpgl-attr.c to properly check for an invalid number of pens. Also
      includes fix for regression in orginal upstream patch which changed
      the color mapping and an off-by-one loop error. Taken from Debian patch
      by Martin Pitt.
    - STR #2911
    - STR #2966
    - CVE-2008-3641

Date: Tue, 14 Oct 2008 13:17:07 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/cupsys/1.3.7-1ubuntu3.1
-------------- next part --------------
Format: 1.7
Date: Tue, 14 Oct 2008 13:17:07 -0500
Source: cupsys
Binary: cupsys cupsys-bsd cupsys-client cupsys-common libcupsimage2 libcupsimage2-dev libcupsys2 libcupsys2-dev
Architecture: amd64_translations amd64 hppa_translations hppa all i386_translations i386 ia64_translations ia64 lpia_translations lpia powerpc_translations powerpc source sparc_translations sparc
Version: 1.3.7-1ubuntu3.1
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 cupsys-common - Common UNIX Printing System(tm) - common files
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
Changes:
 cupsys (1.3.7-1ubuntu3.1) hardy-security; urgency=low
 .
   * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in
     the SGI filter
     - debian/patches/CVE-2008-3639_sgi_filter_overflow.dpatch: adjust
       filter/image-sgilib.c to properly check for xsize. Taken from Debian
       patch by Martin Pitt.
     - STR #2918
     - CVE-2008-3639
   * SECURITY UPDATE: integer overflow in texttops filter which could lead
     to heap-based overflow
     - debian/patches/CVE-2008-3640_texttops_overflow.dpatch: adjust
       textcommon.c and texttops.c to check for too large or negative page
       metrics. Taken from Debian patch by Martin Pitt.
     - STR #2919
     - CVE-2008-3640
   * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to
     arbitrary code execution
     - debian/patches/CVE-2008-3641_hpgl_filter_overflow.dpatch: adjust
       hpgl-attr.c to properly check for an invalid number of pens. Also
       includes fix for regression in orginal upstream patch which changed
       the color mapping and an off-by-one loop error. Taken from Debian patch
       by Martin Pitt.
     - STR #2911
     - STR #2966
     - CVE-2008-3641
Files:
 b00bc318f07fe5f934db1ac7170ec196 758231 raw-translations - cupsys_1.3.7-1ubuntu3.1_amd64_translations.tar.gz
 8dd137567dbc9644bda3b0a799cb2f6a 177500 libs optional libcupsys2_1.3.7-1ubuntu3.1_amd64.deb
 89ca2e97385912ebf2ffe8a0871610d5 50356 libs optional libcupsimage2_1.3.7-1ubuntu3.1_amd64.deb
 233fbeadff826a6b6f22347559fe8bf5 1880646 net optional cupsys_1.3.7-1ubuntu3.1_amd64.deb
 9a1ac844025f66fb85357e1807256331 89982 net optional cupsys-client_1.3.7-1ubuntu3.1_amd64.deb
 631f297ea0a13321c61ee211d65fceab 344926 libdevel optional libcupsys2-dev_1.3.7-1ubuntu3.1_amd64.deb
 98a65443be4d97fb1de2f8580dd67e40 60892 libdevel optional libcupsimage2-dev_1.3.7-1ubuntu3.1_amd64.deb
 0362fc9c1260486e4d1dcccca8dc60a3 37530 net extra cupsys-bsd_1.3.7-1ubuntu3.1_amd64.deb
 c0e59d80f19b6abb41689a0bd28f666e 758213 raw-translations - cupsys_1.3.7-1ubuntu3.1_hppa_translations.tar.gz
 adea5fef866d18e4415d7804a32c0b6a 184984 libs optional libcupsys2_1.3.7-1ubuntu3.1_hppa.deb
 bde47849f6383d85271167271eedc0dd 54830 libs optional libcupsimage2_1.3.7-1ubuntu3.1_hppa.deb
 5136b32bd3c65771b606176284c08e95 1938462 net optional cupsys_1.3.7-1ubuntu3.1_hppa.deb
 2306cd4d62bb38d46577c9e73fb6e11d 93582 net optional cupsys-client_1.3.7-1ubuntu3.1_hppa.deb
 d19da7b2a7841048ed2382983df30af9 355154 libdevel optional libcupsys2-dev_1.3.7-1ubuntu3.1_hppa.deb
 a98b3be363898932a605e16b085ddc4a 63870 libdevel optional libcupsimage2-dev_1.3.7-1ubuntu3.1_hppa.deb
 bd2a170741fbbab59f2bd9739c485db8 39462 net extra cupsys-bsd_1.3.7-1ubuntu3.1_hppa.deb
 7230e79bb0d6a1435f3ce0de114e1ad3 1143834 net optional cupsys-common_1.3.7-1ubuntu3.1_all.deb
 df3dc0cf670ff570ba907c1b4658d438 1116184 raw-translations - cupsys_1.3.7-1ubuntu3.1_i386_translations.tar.gz
 b1d7b741729749c6a3249fbcd0babe56 174354 libs optional libcupsys2_1.3.7-1ubuntu3.1_i386.deb
 a1d85e18616340eed3778b5286890c08 49838 libs optional libcupsimage2_1.3.7-1ubuntu3.1_i386.deb
 aaa0817cb6b67729276e799275ad3346 1862954 net optional cupsys_1.3.7-1ubuntu3.1_i386.deb
 2e76b5856bde6afe82da9a6b03a98026 88408 net optional cupsys-client_1.3.7-1ubuntu3.1_i386.deb
 f3d29993795e7172667356c8d255f296 339344 libdevel optional libcupsys2-dev_1.3.7-1ubuntu3.1_i386.deb
 b37d935af9661002730cd5cb2b3f11d3 60090 libdevel optional libcupsimage2-dev_1.3.7-1ubuntu3.1_i386.deb
 deba752b21bdf04393626cf35ebb79eb 36952 net extra cupsys-bsd_1.3.7-1ubuntu3.1_i386.deb
 d1190c7031200f5dab87e9ca25b8824c 758227 raw-translations - cupsys_1.3.7-1ubuntu3.1_ia64_translations.tar.gz
 56f6e4f4bce5c8734c1cf7ba359a1649 223080 libs optional libcupsys2_1.3.7-1ubuntu3.1_ia64.deb
 7bb40da5067029dfecc16d1955e3bd7e 74928 libs optional libcupsimage2_1.3.7-1ubuntu3.1_ia64.deb
 0d16c4b1d7aef4b821e794cf9c18f739 2131216 net optional cupsys_1.3.7-1ubuntu3.1_ia64.deb
 85488df6f240182e697b6a6b3a99ff6e 116552 net optional cupsys-client_1.3.7-1ubuntu3.1_ia64.deb
 8cd8f232df32f419e1d2620d36a74adc 399298 libdevel optional libcupsys2-dev_1.3.7-1ubuntu3.1_ia64.deb
 bd1727ea1a82660d1fce8a29358536c9 86420 libdevel optional libcupsimage2-dev_1.3.7-1ubuntu3.1_ia64.deb
 9ce8f853eec65bd80d88cb5bec8f2af0 46406 net extra cupsys-bsd_1.3.7-1ubuntu3.1_ia64.deb
 e6de844584123bd96a043797961b8c23 757645 raw-translations - cupsys_1.3.7-1ubuntu3.1_lpia_translations.tar.gz
 6e0af5026f452171993817fbd6e6b4e7 173276 libs optional libcupsys2_1.3.7-1ubuntu3.1_lpia.deb
 64989632d1f49f5d25209bb9a68809d5 50860 libs optional libcupsimage2_1.3.7-1ubuntu3.1_lpia.deb
 27de39c2fbe2471f11b7756b5bc02cc3 1865262 net optional cupsys_1.3.7-1ubuntu3.1_lpia.deb
 c8b70c2665734c45caa22ae41f60b486 88734 net optional cupsys-client_1.3.7-1ubuntu3.1_lpia.deb
 ca60ea21ad93aca447e1ae04e0ad818f 337020 libdevel optional libcupsys2-dev_1.3.7-1ubuntu3.1_lpia.deb
 b54c6711e74c55777f0e509f642c42f0 60540 libdevel optional libcupsimage2-dev_1.3.7-1ubuntu3.1_lpia.deb
 c46beddd8f227e1ee0b1c9a80d41b19a 36676 net extra cupsys-bsd_1.3.7-1ubuntu3.1_lpia.deb
 01a6194b4584f5f268d36b3c624f0c37 758233 raw-translations - cupsys_1.3.7-1ubuntu3.1_powerpc_translations.tar.gz
 e303094f36fcc1af0ac40321411bd90a 183238 libs optional libcupsys2_1.3.7-1ubuntu3.1_powerpc.deb
 d762741ddd48f75e0e54ffd0efc45645 54940 libs optional libcupsimage2_1.3.7-1ubuntu3.1_powerpc.deb
 0facca356ce9e5ffdacffde23d0713e3 1949134 net optional cupsys_1.3.7-1ubuntu3.1_powerpc.deb
 44e0741ccd8b9edab092b835c6831aca 110808 net optional cupsys-client_1.3.7-1ubuntu3.1_powerpc.deb
 0958081b22a680ccf1f30abc36c06054 341670 libdevel optional libcupsys2-dev_1.3.7-1ubuntu3.1_powerpc.deb
 367a29bd4545906374eb27c511d33658 59924 libdevel optional libcupsimage2-dev_1.3.7-1ubuntu3.1_powerpc.deb
 d8e051bd4e95f28090036d7087437127 46932 net extra cupsys-bsd_1.3.7-1ubuntu3.1_powerpc.deb
 de3ffa5e20bdbc0bd61cf543cc2d351f 1433 net optional cupsys_1.3.7-1ubuntu3.1.dsc
 8146f7a668701caad4379707ccedf538 133549 net optional cupsys_1.3.7-1ubuntu3.1.diff.gz
 252ccef2da5ccda6885bddd9d911a698 758235 raw-translations - cupsys_1.3.7-1ubuntu3.1_sparc_translations.tar.gz
 4a5e9e3508932262eefe3b08f94019d0 173184 libs optional libcupsys2_1.3.7-1ubuntu3.1_sparc.deb
 cc45265b41fd932d084a6bce9888e67f 48242 libs optional libcupsimage2_1.3.7-1ubuntu3.1_sparc.deb
 31192c6d2b5a6dca4eaf065c541795fc 1897904 net optional cupsys_1.3.7-1ubuntu3.1_sparc.deb
 832edccd7ed2eec51759bbcce97536b1 91034 net optional cupsys-client_1.3.7-1ubuntu3.1_sparc.deb
 9411fb065604b882530faf47a0a85d4e 341388 libdevel optional libcupsys2-dev_1.3.7-1ubuntu3.1_sparc.deb
 398dadf7e1ee5075e4d3e2a4766b4580 57856 libdevel optional libcupsimage2-dev_1.3.7-1ubuntu3.1_sparc.deb
 a8ee904a732a7392314b9b4f2faf5557 38028 net extra cupsys-bsd_1.3.7-1ubuntu3.1_sparc.deb
Original-Maintainer: Debian CUPS Maintainers <pkg-cups-devel at lists.alioth.debian.org>


More information about the Hardy-changes mailing list