[ubuntu/karmic-security] cups_1.4.1-5ubuntu2.6_sparc_translations.tar.gz (delayed), cups_1.4.1-5ubuntu2.6_i386_translations.tar.gz, cups_1.4.1-5ubuntu2.6_lpia_translations.tar.gz, cups_1.4.1-5ubuntu2.6_ia64_translations.tar.gz, cups_1.4.1-5ubuntu2.6_amd64_translations.tar.gz, cups, cups_1.4.1-5ubuntu2.6_powerpc_translations.tar.gz, cups_1.4.1-5ubuntu2.6_armel_translations.tar.gz 1.4.1-5ubuntu2.6 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Jun 21 18:04:11 BST 2010 

cups (1.4.1-5ubuntu2.6) karmic-security; urgency=low

  * SECURITY UPDATE: cross-site request forgery in admin interface
    - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
      to cgi-bin/cgi.h, cgi-bin/libcupscgi.exp, cgi-bin/template.c,
      cgi-bin/var.c, templates/*.tmpl.
    - CVE-2010-0540
  * SECURITY UPDATE: denial of service or arbitrary code execution in
    texttops image filter
    - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
      filter/texttops.c.
    - CVE-2010-0542
  * SECURITY UPDATE: web interface memory disclosure
    - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
    - CVE-2010-1748
  * SECURITY UPDATE: file overwrite vulnerability
    - debian/patches/security-str3510.dpatch: introduce cups_open() in
      cups/file.c and use to make sure hard-linked or symlinked files don't
      get overwritten as root.
    - No CVE number
  * debian/libcupscgi1.symbols: Add new symbols

Date: Fri, 18 Jun 2010 09:55:36 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/cups/1.4.1-5ubuntu2.6
-------------- next part --------------
Format: 1.8
Date: Fri, 18 Jun 2010 09:55:36 -0400
Source: cups
Binary: libcups2 libcupsimage2 libcupscgi1 libcupsdriver1 libcupsmime1 libcupsppdc1 cups cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev libcupsdriver1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common cups-ppdc cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd cupsys-dbg cupsddk
Architecture: source
Version: 1.4.1-5ubuntu2.6
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 cups       - Common UNIX Printing System(tm) - server
 cups-bsd   - Common UNIX Printing System(tm) - BSD commands
 cups-client - Common UNIX Printing System(tm) - client programs (SysV)
 cups-common - Common UNIX Printing System(tm) - common files
 cups-dbg   - Common UNIX Printing System(tm) - debugging symbols
 cups-ppdc  - Common UNIX Printing System(tm) - PPD manipulation utilities
 cupsddk    - Common UNIX Printing System (transitional package)
 cupsys     - Common UNIX Printing System (transitional package)
 cupsys-bsd - Common UNIX Printing System (transitional package)
 cupsys-client - Common UNIX Printing System (transitional package)
 cupsys-common - Common UNIX Printing System (transitional package)
 cupsys-dbg - Common UNIX Printing System (transitional package)
 libcups2   - Common UNIX Printing System(tm) - Core library
 libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library
 libcupscgi1 - Common UNIX Printing System(tm) - CGI library
 libcupscgi1-dev - Common UNIX Printing System(tm) - Development files for CGI libra
 libcupsdriver1 - Common UNIX Printing System(tm) - Driver library
 libcupsdriver1-dev - Common UNIX Printing System(tm) - Development files driver librar
 libcupsimage2 - Common UNIX Printing System(tm) - Raster image library
 libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li
 libcupsmime1 - Common UNIX Printing System(tm) - MIME library
 libcupsmime1-dev - Common UNIX Printing System(tm) - Development files MIME library
 libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library
 libcupsppdc1-dev - Common UNIX Printing System(tm) - Development files PPD library
Changes: 
 cups (1.4.1-5ubuntu2.6) karmic-security; urgency=low
 .
   * SECURITY UPDATE: cross-site request forgery in admin interface
     - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
       to cgi-bin/cgi.h, cgi-bin/libcupscgi.exp, cgi-bin/template.c,
       cgi-bin/var.c, templates/*.tmpl.
     - CVE-2010-0540
   * SECURITY UPDATE: denial of service or arbitrary code execution in
     texttops image filter
     - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
       filter/texttops.c.
     - CVE-2010-0542
   * SECURITY UPDATE: web interface memory disclosure
     - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
     - CVE-2010-1748
   * SECURITY UPDATE: file overwrite vulnerability
     - debian/patches/security-str3510.dpatch: introduce cups_open() in
       cups/file.c and use to make sure hard-linked or symlinked files don't
       get overwritten as root.
     - No CVE number
   * debian/libcupscgi1.symbols: Add new symbols
Checksums-Sha1: 
 a581d7f10907cb5c54b98cdff6bd851a78f3ac2c 2273 cups_1.4.1-5ubuntu2.6.dsc
 51bbe9476d0809a0d4931c981cdfc0c040bff746 430803 cups_1.4.1-5ubuntu2.6.diff.gz
Checksums-Sha256: 
 935611e11357ea49dee05f4899b1a7a77964d61850bd7c46c8b5dca68a4a0f8b 2273 cups_1.4.1-5ubuntu2.6.dsc
 233aeaa9f68282657a5f74c8f38d73f6da62c7b86a900b321e0665d3445457cf 430803 cups_1.4.1-5ubuntu2.6.diff.gz
Files: 
 893689e77881954b258ddb7107aa699e 2273 net optional cups_1.4.1-5ubuntu2.6.dsc
 9896ab093cf6c3ef71a80e0c37e4b7aa 430803 net optional cups_1.4.1-5ubuntu2.6.diff.gz
Original-Maintainer: Debian CUPS Maintainers <pkg-cups-devel at lists.alioth.debian.org>

More information about the Karmic-changes mailing list