Comment 8 for bug 1349387

It seems the check for the world-readable permission was added in the latest security update.

"apt-get source cups", then open cups-1.7.2/debian/patches/CVE-2014-3537.patch and look at these lines:

+ /*
+ * Similarly, if the file/directory does not have world read permissions, do
+ * not allow access...
+ */
+
+ if (!status && !(filestats->st_mode & S_IROTH))
+ {
+ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
+ return (NULL);
+ }

That looks familiar.
The permissions of all CUPS files (especially the ones mentioned in the previous comment) should be revised. The world-readable bit may be missing in those files.
Also need to see why the permissions of /etc/cups/cupsd.conf are reverted when they are changed in the GUI and fix that.