[ubuntu/jaunty-security] cups_1.3.9-17ubuntu3.9_armel_translations.tar.gz, cups_1.3.9-17ubuntu3.9_amd64_translations.tar.gz, cups_1.3.9-17ubuntu3.9_hppa_translations.tar.gz, cups_1.3.9-17ubuntu3.9_sparc_translations.tar.gz (delayed), cups_1.3.9-17ubuntu3.9_i386_translations.tar.gz, cups_1.3.9-17ubuntu3.9_lpia_translations.tar.gz, cups_1.3.9-17ubuntu3.9_ia64_translations.tar.gz, cups, cups_1.3.9-17ubuntu3.9_powerpc_translations.tar.gz 1.3.9-17ubuntu3.9 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Mon Jun 21 18:04:50 BST 2010
cups (1.3.9-17ubuntu3.9) jaunty-security; urgency=low

  * SECURITY UPDATE: cross-site request forgery in admin interface
    - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
      to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c,
      cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c,
      templates/*.tmpl.
    - CVE-2010-0540
  * SECURITY UPDATE: denial of service or arbitrary code execution in
    texttops image filter
    - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
      filter/texttops.c.
    - CVE-2010-0542
  * SECURITY UPDATE: web interface memory disclosure
    - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
    - CVE-2010-1748
  * SECURITY UPDATE: file overwrite vulnerability
    - debian/patches/security-str3510.dpatch: introduce cups_open() in
      cups/file.c and use to make sure hard-linked or symlinked files don't
      get overwritten as root.
    - No CVE number
Date: Fri, 18 Jun 2010 10:26:08 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/cups/1.3.9-17ubuntu3.9
-------------- next part --------------
Format: 1.8
Date: Fri, 18 Jun 2010 10:26:08 -0400
Source: cups
Binary: libcups2 libcupsimage2 cups cups-client libcups2-dev libcupsimage2-dev cups-bsd cups-common cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd cupsys-dbg libcupsys2 libcupsys2-dev
Architecture: source
Version: 1.3.9-17ubuntu3.9
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
cups - Common UNIX Printing System(tm) - server
cups-bsd - Common UNIX Printing System(tm) - BSD commands
cups-client - Common UNIX Printing System(tm) - client programs (SysV)
cups-common - Common UNIX Printing System(tm) - common files
cups-dbg - Common UNIX Printing System(tm) - debugging symbols
cupsys - Common UNIX Printing System (transitional package)
cupsys-bsd - Common UNIX Printing System (transitional package)
cupsys-client - Common UNIX Printing System (transitional package)
cupsys-common - Common UNIX Printing System (transitional package)
cupsys-dbg - Common UNIX Printing System (transitional package)
libcups2 - Common UNIX Printing System(tm) - libs
libcups2-dev - Common UNIX Printing System(tm) - development files
libcupsimage2 - Common UNIX Printing System(tm) - image libs
libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
libcupsys2 - Common UNIX Printing System (transitional package)
libcupsys2-dev - Common UNIX Printing System (transitional package)
Changes:
 cups (1.3.9-17ubuntu3.9) jaunty-security; urgency=low
 .
   * SECURITY UPDATE: cross-site request forgery in admin interface
     - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
       to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c,
       cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c,
       templates/*.tmpl.
     - CVE-2010-0540
   * SECURITY UPDATE: denial of service or arbitrary code execution in
     texttops image filter
     - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
       filter/texttops.c.
     - CVE-2010-0542
   * SECURITY UPDATE: web interface memory disclosure
     - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
     - CVE-2010-1748
   * SECURITY UPDATE: file overwrite vulnerability
     - debian/patches/security-str3510.dpatch: introduce cups_open() in
       cups/file.c and use to make sure hard-linked or symlinked files don't
       get overwritten as root.
     - No CVE number
Checksums-Sha1:
5e589221bc9b11482489438ec328db3dd759c2db 1995 cups_1.3.9-17ubuntu3.9.dsc
973e50f46068e659967614246457ee5e253a34e6 347764 cups_1.3.9-17ubuntu3.9.diff.gz
Checksums-Sha256:
986ca35aa5a6a054d1b1386587591f5c96261f7ff76d6ea90b6edfb064428dcf 1995 cups_1.3.9-17ubuntu3.9.dsc
756c166c4adf650dc8f0288c0daf51387e10b8ee9bf238d1d4083dc351d7bc47 347764 cups_1.3.9-17ubuntu3.9.diff.gz
Files:
00cc768af9e65ccaaed74d7c4352e86d 1995 net optional cups_1.3.9-17ubuntu3.9.dsc
2955695161c0ce780898d42714dba9c8 347764 net optional cups_1.3.9-17ubuntu3.9.diff.gz
Original-Maintainer: Debian CUPS Maintainers <pkg-cups-devel at lists.alioth.debian.org>