[ubuntu/trusty-proposed] cups-filters 1.0.47-0ubuntu1 (Accepted)

Till Kamppeter till.kamppeter at gmail.com
Tue Mar 11 12:29:12 UTC 2014 

cups-filters (1.0.47-0ubuntu1) trusty; urgency=medium

  * New upstream release 1.0.47
     - pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475,
       and CVE-2013-6476: Introduction of gmallocn and gmallocn3
       to protect against arbitrary code execution with the
       privileges of the "lp" user via malicious PDF files. Also
       restrict the directory from where OPVP drivers can get
       loaded.
     - urftopdf: SECURITY FIX for CVE-2013-6473: Two heap-based
       buffer overflow flaws in urftopdf. If a malicious URF file
       were processed it could lead to arbitrary code execution
       with the privileges of the "lp" user.
     - pdftopdf: Fixed typo in initialization which sets the default
       value page border to an undefined value. Thanks to Helge
       Blischke for the patch.
     - cups-browsed: Check for changes of the URI of a queue which
       we have created and correct the URI if needed, especially if
       a queue was not removed on shutdown of cups-browsed (default
       printer or still having jobs) and before restart of
       cups-browsed the server's DNS-SD-provided has changed.
     - bannertopdf: Support PDF forms as banner template. This allows
       especially internationalized banner pages. Forms can contain
       fields for any CUPS/IPP value and get automatically filled
       Thanks to Andrew V. Stepanov from ALT Linux (Bug #1170,
       also first step to fix Ubuntu bug #1196986).
  * Removed hard dependency of cups-browsed on avahi-daemon, demoted Depends: to
    Recommends: and removed "on started avahi-daemon" from the "start on ..."
    rule in /etc/init/cups-browsed.conf (LP: #1242185, LP: #1178172).

Date: Mon, 10 Mar 2014 13:40:06 +0100
Changed-By: Till Kamppeter <till.kamppeter at gmail.com>
Maintainer: Debian Printing Team <debian-printing at lists.debian.org>
https://launchpad.net/ubuntu/trusty/+source/cups-filters/1.0.47-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 10 Mar 2014 13:40:06 +0100
Source: cups-filters
Binary: libcupsfilters1 libfontembed1 cups-filters cups-filters-core-drivers libcupsfilters-dev libfontembed-dev cups-browsed
Architecture: source
Version: 1.0.47-0ubuntu1
Distribution: trusty
Urgency: medium
Maintainer: Debian Printing Team <debian-printing at lists.debian.org>
Changed-By: Till Kamppeter <till.kamppeter at gmail.com>
Description: 
 cups-browsed - OpenPrinting CUPS Filters - cups-browsed
 cups-filters - OpenPrinting CUPS Filters - Main Package
 cups-filters-core-drivers - OpenPrinting CUPS Filters - PPD-less printing
 libcupsfilters-dev - OpenPrinting CUPS Filters - Development files for the library
 libcupsfilters1 - OpenPrinting CUPS Filters - Shared library
 libfontembed-dev - OpenPrinting CUPS Filters - Development files for font embed libr
 libfontembed1 - OpenPrinting CUPS Filters - Font Embed Shared library
Launchpad-Bugs-Fixed: 1178172 1242185
Changes: 
 cups-filters (1.0.47-0ubuntu1) trusty; urgency=medium
 .
   * New upstream release 1.0.47
      - pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475,
        and CVE-2013-6476: Introduction of gmallocn and gmallocn3
        to protect against arbitrary code execution with the
        privileges of the "lp" user via malicious PDF files. Also
        restrict the directory from where OPVP drivers can get
        loaded.
      - urftopdf: SECURITY FIX for CVE-2013-6473: Two heap-based
        buffer overflow flaws in urftopdf. If a malicious URF file
        were processed it could lead to arbitrary code execution
        with the privileges of the "lp" user.
      - pdftopdf: Fixed typo in initialization which sets the default
        value page border to an undefined value. Thanks to Helge
        Blischke for the patch.
      - cups-browsed: Check for changes of the URI of a queue which
        we have created and correct the URI if needed, especially if
        a queue was not removed on shutdown of cups-browsed (default
        printer or still having jobs) and before restart of
        cups-browsed the server's DNS-SD-provided has changed.
      - bannertopdf: Support PDF forms as banner template. This allows
        especially internationalized banner pages. Forms can contain
        fields for any CUPS/IPP value and get automatically filled
        Thanks to Andrew V. Stepanov from ALT Linux (Bug #1170,
        also first step to fix Ubuntu bug #1196986).
   * Removed hard dependency of cups-browsed on avahi-daemon, demoted Depends: to
     Recommends: and removed "on started avahi-daemon" from the "start on ..."
     rule in /etc/init/cups-browsed.conf (LP: #1242185, LP: #1178172).
Checksums-Sha1: 
 2a0203798f817d420d6511b3375a5e63afd86dd6 2240 cups-filters_1.0.47-0ubuntu1.dsc
 1645b70f83c9e3722860848c6db67a5916d480a7 1310256 cups-filters_1.0.47.orig.tar.xz
 844d05ec24108c7b08acecdedec11d78c40cbcc6 70952 cups-filters_1.0.47-0ubuntu1.debian.tar.gz
Checksums-Sha256: 
 977bd48c934fa409cd5d1127452c90f24b95a163a111c6d8ffb30181eadfc473 2240 cups-filters_1.0.47-0ubuntu1.dsc
 5c49f221f0b2954584eb17303e618a2db59027434d9a48a89c11faf03a9f0870 1310256 cups-filters_1.0.47.orig.tar.xz
 6cadb6a3ea3ac019731f8c56c593d2c6eeb0b33596c19ed3e3ec24eed148317b 70952 cups-filters_1.0.47-0ubuntu1.debian.tar.gz
Files: 
 5ee85fe6d393451fda9e77a6e35b25e8 2240 net optional cups-filters_1.0.47-0ubuntu1.dsc
 c1baecc8996c97af1ffe58b5f2046e86 1310256 net optional cups-filters_1.0.47.orig.tar.xz
 b29c6ebc58679bb0ce240e0f85cff7a3 70952 net optional cups-filters_1.0.47-0ubuntu1.debian.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlMfAVgACgkQTuVatl/cKEnSWQCfT/RMpkktiz452VJCYXR3ZhVc
eYkAnjZpE7Gy5HsDBzWc6/8gLIqolLJL
=VmqN
-----END PGP SIGNATURE-----

More information about the Trusty-changes mailing list