2008-11-15 01:18:40 |
ap |
bug |
|
|
added bug |
2008-11-15 01:18:40 |
ap |
bug |
|
|
added attachment 'Apple_CUPS_vuln.zip' (Apple_CUPS_vuln.zip) |
2008-11-19 18:59:47 |
Kees Cook |
who_made_private |
a.p |
|
|
2008-11-20 09:23:52 |
ap |
bug |
|
|
assigned to cups (openSUSE) |
2008-11-20 10:40:01 |
Martin Pitt |
bug |
|
|
assigned to cups (Debian) |
2008-11-20 10:41:34 |
Martin Pitt |
cups: status |
New |
In Progress |
|
2008-11-20 10:41:34 |
Martin Pitt |
cups: assignee |
|
pitti |
|
2008-11-20 10:41:34 |
Martin Pitt |
cups: importance |
Undecided |
High |
|
2008-11-20 10:41:34 |
Martin Pitt |
cups: statusexplanation |
|
I'll deal with the jaunty/Debian update. I was fairly sure that http://www.cups.org/strfiles/2774/str2774.patch fixed it (in cups 1.3.8), I just get a live-locked browser (tons of message boxes), but cupsd stays alive. I followed up to the Debian bug. |
|
2009-01-02 15:47:37 |
Martin Pitt |
cups: status |
In Progress |
Fix Released |
|
2009-01-02 15:47:37 |
Martin Pitt |
cups: statusexplanation |
I'll deal with the jaunty/Debian update. I was fairly sure that http://www.cups.org/strfiles/2774/str2774.patch fixed it (in cups 1.3.8), I just get a live-locked browser (tons of message boxes), but cupsd stays alive. I followed up to the Debian bug. |
This is fixed in >= 1.3.8 and only affects >= 1.3, thus it is not an issue for intrepid, jaunty, and dapper. |
|
2009-01-02 15:50:58 |
Martin Pitt |
cups: status |
New |
Triaged |
|
2009-01-02 15:50:58 |
Martin Pitt |
cups: statusexplanation |
|
http://www.cups.org/str.php?L2774 has a patch for CVE-2008-5184.
CVE-2008-5183 is not fixed anywhere, not even latest upstream. However, it is just an authenticated local DoS, and thus very low-priority. |
|
2009-01-02 15:51:18 |
Martin Pitt |
cups: status |
New |
Triaged |
|
2009-01-02 15:51:18 |
Martin Pitt |
cups: assignee |
|
ubuntu-security |
|
2009-01-02 15:51:18 |
Martin Pitt |
cups: statusexplanation |
|
|
|
2009-01-04 10:47:54 |
Martin Pitt |
bug |
|
|
assigned to cups (Fedora) |
2009-01-05 00:49:01 |
Bug Watch Updater |
cups: status |
Unknown |
Confirmed |
|
2009-01-12 15:47:43 |
Marc Deslauriers |
cups: status |
Triaged |
Fix Released |
|
2009-01-12 15:47:43 |
Marc Deslauriers |
cups: statusexplanation |
http://www.cups.org/str.php?L2774 has a patch for CVE-2008-5184.
CVE-2008-5183 is not fixed anywhere, not even latest upstream. However, it is just an authenticated local DoS, and thus very low-priority. |
|
|
2009-01-12 15:48:03 |
Marc Deslauriers |
cups: status |
Triaged |
Fix Released |
|
2009-03-10 03:44:00 |
Bug Watch Updater |
cups: status |
Unknown |
Fix Released |
|
2009-12-18 12:40:25 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/intrepid-security/cups |
|
2011-04-12 08:03:47 |
Paul Elliott |
removed subscriber Paul Elliott |
|
|
|
2011-10-19 16:35:46 |
Jamie Strandboge |
removed subscriber Ubuntu Security Team |
|
|
|
2012-06-08 18:51:23 |
koeman |
cups (Ubuntu): assignee |
Martin Pitt (pitti) |
|
|
2017-10-26 23:11:57 |
Bug Watch Updater |
cups (Fedora): status |
Confirmed |
Fix Released |
|
2017-10-26 23:11:57 |
Bug Watch Updater |
cups (Fedora): importance |
Unknown |
Medium |
|