Re: CUPS vulnerabilities (remote root compromise)
On Fri, Dec 20, 2002 at 12:17:18AM -0600, David Ehle wrote:
>
> Hello all,
>
> Is the Debian package of cups Vulnerable to the security issues
> detailed here?:
> http://www.idefense.com/advisory/12.19.02.txt
>
> It doesn't mentions version 1.1.15-4 explicitly, but the vulnerablites
> havn't been tested on many different Distros yet.
>
> If the Debian package is affected, does Mr. Licquia have a timetable on
> when our version will be patched?
Yes, it is vulnerable. The version in woody is 1.1.14-3, and an advisory is
pending. Unstable already has 1.1.18-1 which contains the fixes.
It sounds like you are running the testing version, in which case you must
handle your own security update.
--
- mdz
Reply to: