Accepted cupsys 1.1.20final+rc1-10ubuntu6 (source)

Martin Pitt martin.pitt at canonical.com
Thu Dec 23 04:25:04 CST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 23 Dec 2004 11:18:50 +0100
Source: cupsys
Binary: cupsys-bsd libcupsys2-dev libcupsys2 cupsys libcupsys2-gnutls10 libcupsimage2-dev libcupsimage2 cupsys-client
Architecture: source
Version: 1.1.20final+rc1-10ubuntu6
Distribution: hoary
Urgency: low
Maintainer: Kenshi Muto <kmuto at debian.org>
Changed-By: Martin Pitt <martin.pitt at canonical.com>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - dummy libs for transition
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
 libcupsys2-gnutls10 - Common UNIX Printing System(tm) - libs
Changes: 
 cupsys (1.1.20final+rc1-10ubuntu6) hoary; urgency=low
 .
   * SECURITY UPDATE: fixed multiple buffer overflows
   * Added patch 39CAN-2004-1125.patch:
     - cupsys contains code from xpdf, therefore CAN-2004-1125 applies, too.
     - References:
       CAN-2004-1125
       http://www.idefense.com/application/poi/display?id=172
   * Added patch 40CAN-2004-1267.patch:
     - filter/hpgl-input.c, ParseCommand(): Prevent reading an arbitrary string
       into statically sized buffer "buf"; clip string if necessary.
     - patch taken from http://www.cups.org/str.php?L1024+P0+S-2+C0+I0+E0+Qhpgl
     - Thanks to Ariel Berkman for spotting this.
     - References:
       CAN-2004-1267
       http://tigger.uic.edu/~jlongs2/holes/cups.txt
   * Added patch 41CAN-2004-1268+1269+1270.patch: fix several vulns in
     systemv/lppasswd.c:
     - Check return value of fputs() and fprintf() when writing to the new
       password file. When ignoring them, a user can truncate the new passwd
       file by filling up the disk at the right moment. Now unlink the file on
       error and print out a message.
     - If the passwd.new file reaches the maximum file size system limit, the
       new file was not deleted, thus lppasswd could not be used again. Now
       ignores all relevant signals and unlinks the new file on write error.
     - Check that the output file is not stdin, stdout, or stderr; otherwise
       error messages would be written into the output file which would destroy
       it.
     - Thanks to Bartlomiej Sieka for spotting this.
     - References:
       CAN-2004-1268
       CAN-2004-1269
       CAN-2004-1270
       http://tigger.uic.edu/~jlongs2/holes/cups2.txt
Files: 
 da83a8fd1cb4bd6ffe7d2a46fb203088 851 net optional cupsys_1.1.20final+rc1-10ubuntu6.dsc
 8a0079542123c869152bacd4a45f8d6f 1279547 net optional cupsys_1.1.20final+rc1-10ubuntu6.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBypwSDecnbV4Fd/IRAo0yAJ0ZSixhBn6F8q6Q1fK1iA/SAa8H7ACgk2Qk
B8aOSiNOki5RZMBIcAIGhgY=
=6PIG
-----END PGP SIGNATURE-----


Accepted:
cupsys_1.1.20final+rc1-10ubuntu6.diff.gz
  to pool/main/c/cupsys/cupsys_1.1.20final+rc1-10ubuntu6.diff.gz
cupsys_1.1.20final+rc1-10ubuntu6.dsc
  to pool/main/c/cupsys/cupsys_1.1.20final+rc1-10ubuntu6.dsc
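
The lppasswd items in the changelog above (checked writes, removing the new file on error, the file-size-limit case, and the stdin/stdout/stderr check), shown as an added C example. It is not the code of 41CAN-2004-1268+1269+1270.patch; `write_new_passwd`, the file names and the sample entry are assumptions. It goes beyond the changelog by also checking `fflush()` and `fclose()`, and it ignores only SIGXFSZ.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Hypothetical helper (not lppasswd code): write n lines to newpath, then
 * rename it over path. On any write failure newpath is removed, -1 returned. */
int write_new_passwd(const char *path, const char *newpath,
                     const char *const *lines, size_t n)
{
    /* Default SIGXFSZ action kills the process and strands newpath.
     * Note: this changes the disposition for the whole process. */
    signal(SIGXFSZ, SIG_IGN);
    /* O_EXCL: fail instead of reusing an existing newpath. */
    int fd = open(newpath, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    /* If the caller closed fds 0-2, open() returns one of them and later
     * error messages would be written into the password file. */
    FILE *fp = fd > STDERR_FILENO ? fdopen(fd, "w") : NULL;
    if (!fp) {
        close(fd);
        unlink(newpath);
        return -1;
    }
    int ok = 1;
    for (size_t i = 0; ok && i < n; i++)
        ok = fputs(lines[i], fp) != EOF && fputc('\n', fp) != EOF;
    /* stdio buffers output, so ENOSPC/EFBIG may only show up here. */
    if (fflush(fp) == EOF) ok = 0;
    if (fclose(fp) == EOF) ok = 0;
    if (!ok || rename(newpath, path) != 0) {
        unlink(newpath);
        return -1;
    }
    return 0;
}

int main(void)
{
    const char *entry[] = { "alice:lp:00112233445566778899aabbccddeeff" }; /* constructed */
    return write_new_passwd("passwd", "passwd.new", entry, 1) ? 1 : 0;
}
```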



