Bug#891142: stretch-pu: package cups/2.2.1-8+
Control: tags -1 + confirmed
On Thu, 2018-02-22 at 17:57 +0100, Didier 'OdyX' Raboud wrote:
> CUPS is affected by CVE-2017-18190: remote attackers could execute
> arbitrary
> IPP commands by sending POST requests to the CUPS daemon in
> conjunction with
> DNS rebinding. This was caused by a whitelisted
> "localhost.localdomain" entry.
>
> According to the Security Team it doesn't warrant a DSA, but still
> makes sense
> to be addressed on Stretch (and Jessie). It was fixed independently
> on wheezy
> already.
>
> The proposed debdiff is attached; can I upload to stretch?
Please go ahead.
> Do you need another bug for Jessie ?
Yes, please.
Regards,
Adam
Reply to: