[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1038885: marked as done (cups: CVE-2023-34241: use-after-free in cupsdAcceptClient())

Your message dated Thu, 29 Jun 2023 22:32:31 +0000
with message-id <E1qF0Bj-00CiLa-Ad@fasolo.debian.org>
and subject line Bug#1038885: fixed in cups 2.3.3op2-3+deb11u3
has caused the Debian Bug report #1038885,
regarding cups: CVE-2023-34241: use-after-free in cupsdAcceptClient()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1038885: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038885
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: cups
Version: 2.4.2-4
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for cups.

CVE-2023-34241[0]:
| use-after-free in cupsdAcceptClient()


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34241
    https://www.cve.org/CVERecord?id=CVE-2023-34241
[1] https://www.openwall.com/lists/oss-security/2023/06/22/4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: cups
Source-Version: 2.3.3op2-3+deb11u3
Done: Thorsten Alteholz <debian@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038885@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jun 2023 10:54:05 +0200
Source: cups
Architecture: source
Version: 2.3.3op2-3+deb11u3
Distribution: bullseye
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1038885
Changes:
 cups (2.3.3op2-3+deb11u3) bullseye; urgency=medium
 .
   * CVE-2023-34241 (Closes: #1038885)
     use-after-free in cupsdAcceptClient()
 .
   * CVE-2023-32324
     A heap buffer overflow vulnerability would allow a remote attacker to
     lauch a dos attack.
Checksums-Sha1:
 55682922a8c8f819e1a4447d5d5af63fe3cb11e6 3412 cups_2.3.3op2-3+deb11u3.dsc
 3a4a4d9e4ba24c1a9330d656f315fa2d30c234ef 347576 cups_2.3.3op2-3+deb11u3.debian.tar.xz
 461a5e0e64de79506bd71ba348b6efd48a2f682f 14313 cups_2.3.3op2-3+deb11u3_amd64.buildinfo
Checksums-Sha256:
 6d1f86d4784dfb2d3f7e7eece9c52aa35d3bac8da728afd5a7f17668612544d0 3412 cups_2.3.3op2-3+deb11u3.dsc
 492308e0bc659f2e9808c9f603ed5615d96c230430ddc2d792e8b479ee1d0f53 347576 cups_2.3.3op2-3+deb11u3.debian.tar.xz
 38edc8e73f0db239dd72ed13d75a48eaefc8b8d71c89c2f1512ab52de2ef459d 14313 cups_2.3.3op2-3+deb11u3_amd64.buildinfo
Files:
 af4ea4f4be58ae1612f769739fd76a00 3412 net optional cups_2.3.3op2-3+deb11u3.dsc
 ceaa3066078e5763a9d7abe226ec7193 347576 net optional cups_2.3.3op2-3+deb11u3.debian.tar.xz
 b4abf40fe6d89c9191b712f31faa2aa1 14313 net optional cups_2.3.3op2-3+deb11u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmScqShfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR/MfD/9Tu4IOWZktGDQSu+EOff0Qak5sxsBg
fqCfpM77R2e4JKlENm/nKUkCqpjBN924P11/cRIlbojD0BkfYmAa3YHsfHhGcleR
PvMcCpaQ66WR8d17gqgVVBEexfUxs0Y9QetNMUOAMyd4WoweTlzVgeOGD6jrc3cQ
Ea9qx/Gs6eK2CWwz65W56vWcic44NgvCG2gxXBrSzmISshmr5k+fDKsfZq7wtTJt
Hz/qm++MlGrHpDe+w3HcfYAzTj375Ae9XdTBKnQMIUAhcR5lX67d870VLMEGSHFO
hGGtlqlUdcHfawIIC6hmowLC9KA4c1mCx012zB/d/CyN+Lb23DSipsGOAV01NuaI
8KPV0zISJxyWFaeSk74JXVp1ue6QQuhAUe/n7Fg8DJBmgXT+1dN1BuJBxuHm8ZTV
f+oZzb2+uOgKUvuHYUGG+jHZmFPWABwwLzn0xUQAadmRWeEuB+WR2ePmVsEnsekm
LrxNavw/6sEDJH5A1Y/P0/T/KKZXrFgO3478mBLh3Dxt0i1bFmJ9d2D7BzIMwYsO
WDIHvs+MckjTrEdmohcPCnK6HDEUfgoGcSWgWykRcAwNKvLKlTaKjYqL/1NuA0gq
ZIQDHc9QnkEq13p1/wd+XNcidQ+QZNLO8kttDIOUpuPsjduJqarM2uO6iiw6CS5t
6MvFfDaMbnNfmA==
=na6J
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: