* New upstream release 1.0.47
- pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475,
and CVE-2013-6476: Introduction of gmallocn and gmallocn3
to protect against arbitrary code execution with the
privileges of the "lp" user via malicious PDF files. Also
restrict the directory from where OPVP drivers can get
loaded.
- urftopdf: SECURITY FIX for CVE-2013-6473: Two heap-based
buffer overflow flaws in urftopdf. If a malicious URF file
were processed it could lead to arbitrary code execution
with the privileges of the "lp" user.
- pdftopdf: Fixed typo in initialization which sets the default
value page border to an undefined value. Thanks to Helge
Blischke for the patch.
- cups-browsed: Check for changes of the URI of a queue which
we have created and correct the URI if needed, especially if
a queue was not removed on shutdown of cups-browsed (default
printer or still having jobs) and before restart of
cups-browsed the server's DNS-SD-provided has changed.
- bannertopdf: Support PDF forms as banner template. This allows
especially internationalized banner pages. Forms can contain
fields for any CUPS/IPP value and get automatically filled
Thanks to Andrew V. Stepanov from ALT Linux (Bug #1170,
also first step to fix Ubuntu bug #1196986).
* Removed hard dependency of cups-browsed on avahi-daemon, demoted Depends: to
Recommends: and removed "on started avahi-daemon" from the "start on ..."
rule in /etc/init/cups-browsed.conf (LP: #1242185, LP: #1178172).
-- Till Kamppeter <email address hidden> Mon, 10 Mar 2014 13:40:06 +0100
This bug was fixed in the package cups-filters - 1.0.47-0ubuntu1
---------------
cups-filters (1.0.47-0ubuntu1) trusty; urgency=medium
* New upstream release 1.0.47 cups-browsed. conf (LP: #1242185, LP: #1178172).
- pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475,
and CVE-2013-6476: Introduction of gmallocn and gmallocn3
to protect against arbitrary code execution with the
privileges of the "lp" user via malicious PDF files. Also
restrict the directory from where OPVP drivers can get
loaded.
- urftopdf: SECURITY FIX for CVE-2013-6473: Two heap-based
buffer overflow flaws in urftopdf. If a malicious URF file
were processed it could lead to arbitrary code execution
with the privileges of the "lp" user.
- pdftopdf: Fixed typo in initialization which sets the default
value page border to an undefined value. Thanks to Helge
Blischke for the patch.
- cups-browsed: Check for changes of the URI of a queue which
we have created and correct the URI if needed, especially if
a queue was not removed on shutdown of cups-browsed (default
printer or still having jobs) and before restart of
cups-browsed the server's DNS-SD-provided has changed.
- bannertopdf: Support PDF forms as banner template. This allows
especially internationalized banner pages. Forms can contain
fields for any CUPS/IPP value and get automatically filled
Thanks to Andrew V. Stepanov from ALT Linux (Bug #1170,
also first step to fix Ubuntu bug #1196986).
* Removed hard dependency of cups-browsed on avahi-daemon, demoted Depends: to
Recommends: and removed "on started avahi-daemon" from the "start on ..."
rule in /etc/init/
-- Till Kamppeter <email address hidden> Mon, 10 Mar 2014 13:40:06 +0100