[Bug 2089041] Re: Please merge cups cups_2.4.10-2 from debian unstable
Ubuntu Foundations Team Bug Bot
2089041 at bugs.launchpad.net
Thu Nov 21 16:23:11 UTC 2024
The attachment "cups_2.4.10-2ubuntu1.debdiff" seems to be a debdiff.
The ubuntu-sponsors team has been subscribed to the bug report so that
they can review and hopefully sponsor the debdiff. If the attachment
isn't a patch, please remove the "patch" flag from the attachment,
remove the "patch" tag, and if you are member of the ~ubuntu-sponsors,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2089041
Title:
Please merge cups cups_2.4.10-2 from debian unstable
Status in cups package in Ubuntu:
Confirmed
Bug description:
cups (2.4.10-2) unstable; urgency=medium
[ Helge Kreutzmann ]
* Update German man page (2219t)
[ Thorsten Alteholz ]
* CVE-2024-47175
Fix CVE and upstream also added some extra hardening to patch
- validate URIs, attribute names, and capabilities
in cups/ppd-cache.c, scheduler/ipp.c
- sanitize make and model in cups/ppd-cache.c
- PPDize preset and template names in cups/ppd-cache.c
- quote PPD localized strings in cups/ppd-cache.c
- fix warnings in cups/ppd-cache.c
-- Thorsten Alteholz <debian at alteholz.de> Thu, 26 Sep 2024 23:45:05
+0200
The debian CVE mega-patch is identical to our 5 patches, I've verified after applying patches (there's just a copyright year diff).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/2089041/+subscriptions
More information about the Ubuntu-sponsors
mailing list