Bug#741318: marked as done (cups-filters: CVE-2013-6476 CVE-2013-6475 CVE-2013-6474 CVE-2013-6473)
Your message dated Sun, 16 Mar 2014 19:47:05 +0000
with message-id <E1WPH1V-0006br-3w@franck.debian.org>
and subject line Bug#741318: fixed in cups-filters 1.0.18-2.1+deb7u1
has caused the Debian Bug report #741318,
regarding cups-filters: CVE-2013-6476 CVE-2013-6475 CVE-2013-6474 CVE-2013-6473
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
741318: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741318
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: cups-filters
Severity: grave
Tags: security
Justification: user security hole
Hi,
Fixed upstream in 1.0.47:
CVE-2013-6473:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175
CVE-2013-6474:
CVE-2013-6475:
CVE-2013-6476:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
I haven't checked the filters from src:cups in oldstable yet.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
- To: 741318-close@bugs.debian.org
- Subject: Bug#741318: fixed in cups-filters 1.0.18-2.1+deb7u1
- From: Didier Raboud <odyx@debian.org>
- Date: Sun, 16 Mar 2014 19:47:05 +0000
- Message-id: <E1WPH1V-0006br-3w@franck.debian.org>
Source: cups-filters
Source-Version: 1.0.18-2.1+deb7u1
We believe that the bug you reported is fixed in the latest version of
cups-filters, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 741318@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated cups-filters package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 11 Mar 2014 14:03:57 +0100
Source: cups-filters
Binary: libcupsfilters1 cups-filters libcupsfilters-dev
Architecture: source amd64
Version: 1.0.18-2.1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Description:
cups-filters - OpenPrinting CUPS Filters
libcupsfilters-dev - OpenPrinting CUPS Filters - Development files for the library
libcupsfilters1 - OpenPrinting CUPS Filters - Shared library
Closes: 741318
Changes:
cups-filters (1.0.18-2.1+deb7u1) stable-security; urgency=high
.
* Backport security fix from cups-filters 1.0.47:
pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475, and
CVE-2013-6476: Introduction of gmallocn and gmallocn3 to protect against
arbitrary code execution with the privileges of the "lp" user via
malicious PDF files. Also restrict the directory from where OPVP drivers
can get loaded (Closes: #741318)
Checksums-Sha1:
e8efd8a886f21a95b648a6911fada91d3fc5f60f 2331 cups-filters_1.0.18-2.1+deb7u1.dsc
00fa6d585a4b546b36d0f4a92855a43982933875 1022509 cups-filters_1.0.18.orig.tar.gz
9e86b8b6e5ce25ed72fc86d43e9848e8b3577d90 42634 cups-filters_1.0.18-2.1+deb7u1.debian.tar.gz
4c2a140c6d9c3d781ba0d5581b92a990a8ebda25 65740 libcupsfilters1_1.0.18-2.1+deb7u1_amd64.deb
bcc53db485f08448dec57f3c562930dab8202514 387130 cups-filters_1.0.18-2.1+deb7u1_amd64.deb
a44c05253eff7270d8c3a0228921f2aae351f3b1 76752 libcupsfilters-dev_1.0.18-2.1+deb7u1_amd64.deb
Checksums-Sha256:
bb6ec5c361e2055dce9a0c697a3b565ef4ac338fc9caeaa45a65cc0cc80434e5 2331 cups-filters_1.0.18-2.1+deb7u1.dsc
6926980653e7cb5f94b91921517678cca7f0e6781364823a05f7b4b0ec919106 1022509 cups-filters_1.0.18.orig.tar.gz
9ab29ee0c71eb7b5c11063e8094f0b08e91a4c604bf66b76ae70407a0dfb6ff2 42634 cups-filters_1.0.18-2.1+deb7u1.debian.tar.gz
44350be3b210b6728b13a5ce8a09fcf9a4799563153fec37eefc1b404d7294d7 65740 libcupsfilters1_1.0.18-2.1+deb7u1_amd64.deb
c11bc67afe1c43caf48eb6419d01ccebb008e99c862b6c42131c62025d2b420f 387130 cups-filters_1.0.18-2.1+deb7u1_amd64.deb
547f453f5c46975b899630b27cb973c7b7b32a0137fcb6acc346443a5b79de45 76752 libcupsfilters-dev_1.0.18-2.1+deb7u1_amd64.deb
Files:
154983b5286a45c564b28d3f884ca518 2331 net optional cups-filters_1.0.18-2.1+deb7u1.dsc
63972b426b7224915cdbb42b2a937374 1022509 net optional cups-filters_1.0.18.orig.tar.gz
148d683c261510862b3589cc42ecb469 42634 net optional cups-filters_1.0.18-2.1+deb7u1.debian.tar.gz
af130d679362919bf04b02275760b0d9 65740 libs optional libcupsfilters1_1.0.18-2.1+deb7u1_amd64.deb
21b027e21028a8d24a29cb8f3b72ca18 387130 net optional cups-filters_1.0.18-2.1+deb7u1_amd64.deb
c21d78b73949cde82612321e69df310a 76752 libdevel optional libcupsfilters-dev_1.0.18-2.1+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCAAGBQJTHxhAAAoJEIvPpx7KFjRVaIkL+QEEQRAQNGzBWFzzMukWyTaf
vJ+GTIjj8rTq/ND2RwBDGALOWt4mTaapAkPwTupwdpNTsnRsVDxEQQZBPWq80nUc
XuhyLDC77GP5+roqJ/6VPUUTH/60Ou4jRvW90A7CGrIyTKgBIUm9v7D4+o9AF9Pd
pJVHSUKICSUIQRCnx+nAoUrJ3KT2bfzdGNo11B3chia8Ud8y+EyRdYoeVQKQz4gS
pUGiAqCR0wQyUCISc5X+2tVlJbbDUCuWJT7jfotcbVXOByCeYwDE3BISfT8nw25V
vq0PG+IWzm5t/DWyQrW1IO8lsOmnBotlH3dnjENlZvjhHMvUb2SUicKghTDAqlyZ
zd10x8ef9oLHMnvEkY+icrRyHF5UveLckpyXyUholEf2zW7wucwhyrRVUKPJAqEb
2KssFSnrWgePYQoRx5au28noPy1kttYEj1t/4OdzzypJ/9ok0++JVOG1wFIypVv3
2UH6wrBc4I4p5r+/eENDzIsXJ+i2oq/pQyspvGHk8g==
=r5uh
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: