Message-ID: <email address hidden> Date: Thu, 23 Dec 2004 14:02:01 +0100 From: Martin Pitt <email address hidden> To: Debian Bug Tracking System <email address hidden> Subject: cupsys: Several security vulnerabilities
--0F1p//8PRICkK4MW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable
Package: cupsys Version: 1.1.20final+rc1-10 Severity: critical Tags: security patch Justification: root security hole
Hi!
Recently CAN-2004-1125 has been discovered in xpdf. Since CUPS contains verbatim xpdf code (sigh), this package is affected as well.
http://www.idefense.com/application/poi/display?id=3D172
In addition, there are four additional CANs which were recently discovered by some students of D. J. Bernstein, which concern the HPGL input driver and lppasswd.
http://tigger.uic.edu/~jlongs2/holes/cups.txt http://tigger.uic.edu/~jlongs2/holes/cups2.txt
Please also see the Ubuntu security notice for details:
http://www.ubuntulinux.org/support/documentation/usn/usn-50-1
You can get the Ubuntu security patch from
http://patches.ubuntu.com/patches/cupsys.multiple-CAN.diff
Thanks,
Martin
--=20 Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian GNU/Linux Developer http://www.debian.org
--0F1p//8PRICkK4MW Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBysHJDecnbV4Fd/IRAvrnAJ9XDUjaoDJ5/RmZ2YcnlJ0SCNcPzACggfn2 K3x1dIAvlvhXfevIgT73qrM= =TeYj -----END PGP SIGNATURE-----
--0F1p//8PRICkK4MW--
Message-ID: <email address hidden>
Date: Thu, 23 Dec 2004 14:02:01 +0100
From: Martin Pitt <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: cupsys: Several security vulnerabilities
--0F1p//8PRICkK4MW Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Content-
Content-
Package: cupsys
Version: 1.1.20final+rc1-10
Severity: critical
Tags: security patch
Justification: root security hole
Hi!
Recently CAN-2004-1125 has been discovered in xpdf. Since CUPS
contains verbatim xpdf code (sigh), this package is affected as well.
http:// www.idefense. com/application /poi/display? id=3D172
In addition, there are four additional CANs which were recently
discovered by some students of D. J. Bernstein, which concern the HPGL
input driver and lppasswd.
http:// tigger. uic.edu/ ~jlongs2/ holes/cups. txt tigger. uic.edu/ ~jlongs2/ holes/cups2. txt
http://
Please also see the Ubuntu security notice for details:
http:// www.ubuntulinux .org/support/ documentation/ usn/usn- 50-1
You can get the Ubuntu security patch from
http:// patches. ubuntu. com/patches/ cupsys. multiple- CAN.diff
Thanks,
Martin
--=20 www.piware. de www.ubuntulinux .org www.debian. org
Martin Pitt http://
Ubuntu Developer http://
Debian GNU/Linux Developer http://
--0F1p//8PRICkK4MW pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
nbV4Fd/ IRAvrnAJ9XDUjao DJ5/RmZ2YcnlJ0S CNcPzACggfn2 IgT73qrM=
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBysHJDec
K3x1dIAvlvhXfev
=TeYj
-----END PGP SIGNATURE-----
--0F1p/ /8PRICkK4MW- -