Accepted cupsys 1.1.14-4.1 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 20 Dec 2002 15:01:27 -0500
Source: cupsys
Binary: cupsys-bsd cupsys-client libcupsys2-dev cupsys libcupsys2 cupsys-pstoraster
Architecture: source i386
Version: 1.1.14-4.1
Distribution: stable-security
Urgency: high
Maintainer: Jeff Licquia <licquia@debian.org>
Changed-By: Matt Zimmerman <mdz@debian.org>
Description:
cupsys - Common UNIX Printing System(tm) - server
cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
cupsys-pstoraster - Common UNIX Printing System(tm) - pstoraster
libcupsys2 - Common UNIX Printing System(tm) - libs
libcupsys2-dev - Common UNIX Printing System(tm) - development files
Changes:
cupsys (1.1.14-4.1) stable-security; urgency=high
.
* Security team NMU
* Increment version to skip unwanted upload to stable
* Apply upstream's patches for bugs reported in iDEFENSE advisory
http://www.idefense.com/advisory/12.19.02.txt
- [issue 1] patch integer overflows in HTTP interface and
image handling code
(cgi-bin/var.c, filter/image-*.c)
- [issue 2] use O_EXCL to prevent race (scheduler/cert.c)
- [issue 3] check for invalid URIs in browse packets
(scheduler/dirsvc.c)
- [issue 4] protect against negative length memcpy calls
(scheduler/client.c, cups/http.c)
- [issue 5] fix unsafe strncat calls
(scheduler/job.c)
- [issue 6] add check for zero-{width,height} GIF image
(filter/image-gif.c)
- [issue 7] detect errors and close file descriptors appropriately
(scheduler/client.c)
* Fix other instances of incorrect strncat usage
(scheduler/client.c, cgi-bin/ipp-var.c, scheduler/dirsvc.c,
scheduler/log.c, systemv/cupsaddsmb.c)
* Correct build-dependencies, s/libgnutls-dev/gnutls-dev/
Files:
3785c8912fd92848cdb8a3e832b101b2 703 net optional cupsys_1.1.14-4.1.dsc
0dfa41f29fa73e7744903b2471d2ca2f 6150756 net optional cupsys_1.1.14.orig.tar.gz
ccc0eb43b7462660c88e5580268c9e53 33134 net optional cupsys_1.1.14-4.1.diff.gz
8f4faad69b93ae7d294b35f0c14f61ee 1787356 net optional cupsys_1.1.14-4.1_i386.deb
ad87100632a1d3e9a0c5406ba016261a 83392 net optional cupsys-client_1.1.14-4.1_i386.deb
f75e9c2bac47841152759cb1231195ca 110106 libs optional libcupsys2_1.1.14-4.1_i386.deb
8ef34f17cca8ff3c60c2f26a581f3458 135544 devel optional libcupsys2-dev_1.1.14-4.1_i386.deb
5b62045baae8bfd3d230fb30ab3c91d0 67242 net extra cupsys-bsd_1.1.14-4.1_i386.deb
2ae1c531847f0173860614d3cf679604 2311224 net optional cupsys-pstoraster_1.1.14-4.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+A4slArxCt0PiXR4RAhzOAKCkgNEpICZ4S8Q8GIgN/+0hx3l3pQCguSfj
WP3+8ppQChTEGc1EJ2EriTI=
=DWo1
-----END PGP SIGNATURE-----
Accepted:
cupsys-bsd_1.1.14-4.1_i386.deb
to pool/main/c/cupsys/cupsys-bsd_1.1.14-4.1_i386.deb
cupsys-client_1.1.14-4.1_i386.deb
to pool/main/c/cupsys/cupsys-client_1.1.14-4.1_i386.deb
cupsys-pstoraster_1.1.14-4.1_i386.deb
to pool/main/c/cupsys/cupsys-pstoraster_1.1.14-4.1_i386.deb
cupsys_1.1.14-4.1.diff.gz
to pool/main/c/cupsys/cupsys_1.1.14-4.1.diff.gz
cupsys_1.1.14-4.1.dsc
to pool/main/c/cupsys/cupsys_1.1.14-4.1.dsc
cupsys_1.1.14-4.1_i386.deb
to pool/main/c/cupsys/cupsys_1.1.14-4.1_i386.deb
libcupsys2-dev_1.1.14-4.1_i386.deb
to pool/main/c/cupsys/libcupsys2-dev_1.1.14-4.1_i386.deb
libcupsys2_1.1.14-4.1_i386.deb
to pool/main/c/cupsys/libcupsys2_1.1.14-4.1_i386.deb
Reply to: