[ubuntu/hardy-security] cupsys_1.3.7-1ubuntu3.6_sparc_translations.tar.gz, cupsys_1.3.7-1ubuntu3.6_hppa_translations.tar.gz, cupsys_1.3.7-1ubuntu3.6_i386_translations.tar.gz, cupsys_1.3.7-1ubuntu3.6_amd64_translations.tar.gz, cupsys_1.3.7-1ubuntu3.6_lpia_translations.tar.gz, cupsys_1.3.7-1ubuntu3.6_ia64_translations.tar.gz, cupsys, cupsys_1.3.7-1ubuntu3.6_powerpc_translations.tar.gz 1.3.7-1ubuntu3.6 (Accepted)

Ubuntu Installer archive at ubuntu.com
Tue Nov 10 15:05:51 GMT 2009 

cupsys (1.3.7-1ubuntu3.6) hardy-security; urgency=low

  * SECURITY UPDATE: XSS and CRLF injection in headers
    - debian/patches/CVE-2009-2820.dpatch: Introduce cgiClearVariables() in
      cgi-bin/{var.c,cgi.h}. Clear out variables in
      cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and
      clear out variables in cgi-bin/admin.c. Filter more characters in
      cgi-bin/template.c.
    - CVE-2009-2820

Date: Fri, 30 Oct 2009 21:38:14 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/cupsys/1.3.7-1ubuntu3.6
-------------- next part --------------
Format: 1.7
Date: Fri, 30 Oct 2009 21:38:14 -0400
Source: cupsys
Binary: libcupsys2 libcupsimage2 cupsys cupsys-client libcupsys2-dev libcupsimage2-dev cupsys-bsd cupsys-common
Architecture: source
Version: 1.3.7-1ubuntu3.6
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 cupsys-common - Common UNIX Printing System(tm) - common files
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
Changes: 
 cupsys (1.3.7-1ubuntu3.6) hardy-security; urgency=low
 .
   * SECURITY UPDATE: XSS and CRLF injection in headers
     - debian/patches/CVE-2009-2820.dpatch: Introduce cgiClearVariables() in
       cgi-bin/{var.c,cgi.h}. Clear out variables in
       cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and
       clear out variables in cgi-bin/admin.c. Filter more characters in
       cgi-bin/template.c.
     - CVE-2009-2820
Files: 
 ca6956a573222ee58f15c60a90782325 1441 net optional cupsys_1.3.7-1ubuntu3.6.dsc
 1f4c6bba57e34c8b0445bd657f018518 138908 net optional cupsys_1.3.7-1ubuntu3.6.diff.gz
Original-Maintainer: Debian CUPS Maintainers <pkg-cups-devel at lists.alioth.debian.org>

More information about the Hardy-changes mailing list