[ubuntu/karmic-security] cups_1.4.1-5ubuntu2.1_sparc_translations.tar.gz, cups_1.4.1-5ubuntu2.1_lpia_translations.tar.gz, cups_1.4.1-5ubuntu2.1_ia64_translations.tar.gz, cups_1.4.1-5ubuntu2.1_i386_translations.tar.gz, cups_1.4.1-5ubuntu2.1_amd64_translations.tar.gz, cups, cups_1.4.1-5ubuntu2.1_armel_translations.tar.gz, cups_1.4.1-5ubuntu2.1_powerpc_translations.tar.gz 1.4.1-5ubuntu2.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Tue Nov 10 14:04:58 GMT 2009


cups (1.4.1-5ubuntu2.1) karmic-security; urgency=low

  * SECURITY UPDATE: XSS and CRLF injection in headers
    - debian/patches/CVE-2009-2820.dpatch: Introduce cgiClearVariables() in
      cgi-bin/{var.c,cgi.h,libcupscgi.exp}. Clear out variables in
      cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and
      clear out variables in cgi-bin/admin.c. Filter more characters in
      cgi-bin/template.c.
    - debian/libcupscgi1.symbols: add new symbol from security patch
    - CVE-2009-2820

Date: Fri, 30 Oct 2009 14:02:38 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/cups/1.4.1-5ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Fri, 30 Oct 2009 14:02:38 -0400
Source: cups
Binary: libcups2 libcupsimage2 libcupscgi1 libcupsdriver1 libcupsmime1 libcupsppdc1 cups cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev libcupsdriver1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common cups-ppdc cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd cupsys-dbg cupsddk
Architecture: source
Version: 1.4.1-5ubuntu2.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 cups       - Common UNIX Printing System(tm) - server
 cups-bsd   - Common UNIX Printing System(tm) - BSD commands
 cups-client - Common UNIX Printing System(tm) - client programs (SysV)
 cups-common - Common UNIX Printing System(tm) - common files
 cups-dbg   - Common UNIX Printing System(tm) - debugging symbols
 cups-ppdc  - Common UNIX Printing System(tm) - PPD manipulation utilities
 cupsddk    - Common UNIX Printing System (transitional package)
 cupsys     - Common UNIX Printing System (transitional package)
 cupsys-bsd - Common UNIX Printing System (transitional package)
 cupsys-client - Common UNIX Printing System (transitional package)
 cupsys-common - Common UNIX Printing System (transitional package)
 cupsys-dbg - Common UNIX Printing System (transitional package)
 libcups2   - Common UNIX Printing System(tm) - Core library
 libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library
 libcupscgi1 - Common UNIX Printing System(tm) - CGI library
 libcupscgi1-dev - Common UNIX Printing System(tm) - Development files for CGI libra
 libcupsdriver1 - Common UNIX Printing System(tm) - Driver library
 libcupsdriver1-dev - Common UNIX Printing System(tm) - Development files driver librar
 libcupsimage2 - Common UNIX Printing System(tm) - Raster image library
 libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li
 libcupsmime1 - Common UNIX Printing System(tm) - MIME library
 libcupsmime1-dev - Common UNIX Printing System(tm) - Development files MIME library
 libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library
 libcupsppdc1-dev - Common UNIX Printing System(tm) - Development files PPD library
Changes: 
 cups (1.4.1-5ubuntu2.1) karmic-security; urgency=low
 .
   * SECURITY UPDATE: XSS and CRLF injection in headers
     - debian/patches/CVE-2009-2820.dpatch: Introduce cgiClearVariables() in
       cgi-bin/{var.c,cgi.h,libcupscgi.exp}. Clear out variables in
       cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and
       clear out variables in cgi-bin/admin.c. Filter more characters in
       cgi-bin/template.c.
     - debian/libcupscgi1.symbols: add new symbol from security patch
     - CVE-2009-2820
Checksums-Sha1: 
 4a9ad61489bd346b4c62998085b3d8cc3ce2d1fb 2272 cups_1.4.1-5ubuntu2.1.dsc
 027f58b34dd171b49c66c1dde4da3f46bf395f2a 414079 cups_1.4.1-5ubuntu2.1.diff.gz
Checksums-Sha256: 
 a16b0fcc3b5e97a896c11029c71b063e4b4bfc27265cc791586ddab0c5d3f782 2272 cups_1.4.1-5ubuntu2.1.dsc
 1661e9896636e6c81c4b277fa4f07bb1fc4e93a01ed4cce2f9effd3e4d8725e9 414079 cups_1.4.1-5ubuntu2.1.diff.gz
Files: 
 965843554a241b6a33a579a0e2a5d654 2272 net optional cups_1.4.1-5ubuntu2.1.dsc
 ec1b2785e204040587d379dd0e641ad1 414079 net optional cups_1.4.1-5ubuntu2.1.diff.gz
Original-Maintainer: Debian CUPS Maintainers <pkg-cups-devel at lists.alioth.debian.org>


More information about the Karmic-changes mailing list