Ubuntu
cups-filters package

cups-filters 1.0.53 security tracking bug

Bug #1316229 reported by Marc Deslauriers on 2014-05-05

256

This bug affects 1 person

	Status	Importance	Assigned to
cups-filters (Ubuntu)	Fix Released	Undecided	Unassigned
Trusty	Fix Released	Medium	Marc Deslauriers
Utopic	Fix Released	Undecided	Unassigned

Bug Description

cups-filters 1.0.53 contains two security issues.

CVE numbers have been requested, but are not yet available:

http://www.openwall.com/lists/oss-security/2014/04/25/7

Related branches

lp:ubuntu/trusty-security/cups-filters

CVE References

2014-2707

Marc Deslauriers (mdeslaur) on 2014-05-05

Changed in cups-filters (Ubuntu Utopic):
status:	New → Fix Released
Changed in cups-filters (Ubuntu Trusty):
status:	New → In Progress
assignee:	nobody → Marc Deslauriers (mdeslaur)
importance:	Undecided → Medium

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-05-08:

This bug was fixed in the package cups-filters - 1.0.52-0ubuntu1.1

---------------
cups-filters (1.0.52-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: arbitrary code injection via malicous print servers
    (LP: #1316229)
    - debian/patches/CVE-2014-2707-part2.patch: also sanitize remote
      queue name in utils/cups-browsed.c.
    - CVE number pending
  * SECURITY UPDATE: BrowseAllow option fails open (LP: #1316229)
    - debian/patches/fix_browseallow.patch: Deny access if BrowseAllow
      option is invalid in utils/cups-browsed.c.
    - CVE number pending
-- Marc Deslauriers <email address hidden> Mon, 05 May 2014 13:02:52 -0400

Changed in cups-filters (Ubuntu Trusty):
status:	In Progress → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntucups-filters package