Re: cups-filters 1.2.0 released!
On Wed, Dec 02, 2015 at 02:36:06PM +0100, Didier 'OdyX' Raboud wrote:
> Le mardi, 1 décembre 2015, 09.14:12 Moritz Muehlenhoff a écrit :
> > B0;115;0cOn Mon, Nov 30, 2015 at 10:21:58PM +0100, Didier 'OdyX'
> Raboud wrote:
> > > Hi Till,
> > >
> > > Le jeudi, 26 novembre 2015, 18.08:16 Till Kamppeter a écrit :
> > > > I have released cups-filters 1.2.0 now, with the following
> > > > changes:
> > > >
> > > > - cups-browsed: When using IP-address-based device URIs via the
> > > > "IPBasedDeviceURIs" directive in cups-browsed.conf, add two
> > > > additional settings to restrict the used IP addresses to either
> > > > only IPv4 addresses or only IPv6 addresses.
> > > > - foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as
> > > > an
> > > > illegal shell escape character. Thanks to Michal Kowalczyk from
> > > > the
> > > > Google Security Team for the hint (CVE-2015-8327).
> > >
> > > Uploaded, thanks!
> > >
> > > I'm hereby CC'ing the security team to discuss the backport of that
> > > security fix (patch CC'ed) to jessie-security. At this stage, I
> > > don't
> > > have more details than the above, can you share more Till?
> >
> > Thanks! Please upload to security-master. I'll take care of the DSA.
>
> Uploaded, thanks. But…
>
> As Till mentionned further down that thread:
> Le mardi, 1 décembre 2015, 08.47:36 Till Kamppeter a écrit :
> > foomatic-rip is part of cups-filters from version 1.0.42 on, before
> > that version, foomatic-rip of the foomatic-filters package was used.
>
> That means that src:foomatic-filters is affected by this bug, for all
> suites. That also means pre-jessie src:cups-filters versions are
> unaffected.
Do you know why foomatic-filters is still a separate package in testing/sid, then?
Is there a usecase not covered by the version in cups-filters?
Cheers,
Moritz
Reply to: