Comment 9 for bug 1349387

The update was to fix CVE-2014-3537 (as mentioned above).
But that fix is incomplete: CVE-2014-5029 (not fixed in Ubuntu yet: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5029.html)

CUPS developers know of this regression: https://cups.org/str.php?L4461
There's also a fix in that bug report, already shipped for Debian, and another patch which was just added.
So this will be fixed, eventually.

@Marc Deslauriers, I subscribed you so that you are aware of this bug report in Launchpad (even though you already are aware of the regression).