[ubuntu/hardy-security] cupsys_1.3.7-1ubuntu3.11_hppa_translations.tar.gz, cupsys_1.3.7-1ubuntu3.11_lpia_translations.tar.gz, cupsys_1.3.7-1ubuntu3.11_sparc_translations.tar.gz (delayed), cupsys_1.3.7-1ubuntu3.11_i386_translations.tar.gz, cupsys_1.3.7-1ubuntu3.11_ia64_translations.tar.gz, cupsys_1.3.7-1ubuntu3.11_powerpc_translations.tar.gz, cupsys, cupsys_1.3.7-1ubuntu3.11_amd64_translations.tar.gz 1.3.7-1ubuntu3.11 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Mon Jun 21 18:05:22 BST 2010
cupsys (1.3.7-1ubuntu3.11) hardy-security; urgency=low
* SECURITY UPDATE: cross-site request forgery in admin interface
- debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c,
cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c,
templates/*.tmpl.
- CVE-2010-0540
* SECURITY UPDATE: denial of service or arbitrary code execution in
texttops image filter
- debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
filter/texttops.c.
- CVE-2010-0542
* SECURITY UPDATE: web interface memory disclosure
- debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
- CVE-2010-1748
* SECURITY UPDATE: file overwrite vulnerability
- debian/patches/security-str3510.dpatch: introduce cups_open() in
cups/file.c and use to make sure hard-linked or symlinked files don't
get overwritten as root.
- No CVE number
Date: Fri, 18 Jun 2010 10:32:12 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/cupsys/1.3.7-1ubuntu3.11
-------------- next part --------------
Format: 1.7
Date: Fri, 18 Jun 2010 10:32:12 -0400
Source: cupsys
Binary: libcupsys2 libcupsimage2 cupsys cupsys-client libcupsys2-dev libcupsimage2-dev cupsys-bsd cupsys-common
Architecture: source
Version: 1.3.7-1ubuntu3.11
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
cupsys - Common UNIX Printing System(tm) - server
cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
cupsys-common - Common UNIX Printing System(tm) - common files
libcupsimage2 - Common UNIX Printing System(tm) - image libs
libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
libcupsys2 - Common UNIX Printing System(tm) - libs
libcupsys2-dev - Common UNIX Printing System(tm) - development files
Changes:
cupsys (1.3.7-1ubuntu3.11) hardy-security; urgency=low
.
* SECURITY UPDATE: cross-site request forgery in admin interface
- debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c,
cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c,
templates/*.tmpl.
- CVE-2010-0540
* SECURITY UPDATE: denial of service or arbitrary code execution in
texttops image filter
- debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
filter/texttops.c.
- CVE-2010-0542
* SECURITY UPDATE: web interface memory disclosure
- debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
- CVE-2010-1748
* SECURITY UPDATE: file overwrite vulnerability
- debian/patches/security-str3510.dpatch: introduce cups_open() in
cups/file.c and use to make sure hard-linked or symlinked files don't
get overwritten as root.
- No CVE number
Files:
f04fc7976a0a92b58e57ff27631efab0 1444 net optional cupsys_1.3.7-1ubuntu3.11.dsc
c20cc845d61bec4c777a623bdd3a6043 152646 net optional cupsys_1.3.7-1ubuntu3.11.diff.gz
Original-Maintainer: Debian CUPS Maintainers <pkg-cups-devel at lists.alioth.debian.org>
More information about the Hardy-changes
mailing list