Accepted cupsys 1.0.4-12.1 (sparc source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.6
Date: Fri, 17 Jan 2003 13:50:33 -0500
Source: cupsys
Binary: cupsys-bsd libcupsys1 cupsys libcupsys1-dev
Architecture: source sparc
Version: 1.0.4-12.1
Distribution: oldstable-security
Urgency: high
Maintainer: Martin Schulze <joey@debian.org>
Description:
 cupsys - Common UNIX Printing System(tm) - base
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 libcupsys1 - Common UNIX Printing System(tm) - libs
 libcupsys1-dev - Common UNIX Printing System(tm) - development files
Changes:
 cupsys (1.0.4-12.1) oldstable-security; urgency=high
 .
   * Security team NMU
   * Fix bugs reported in iDEFENSE advisory
     http://www.idefense.com/advisory/12.19.02.txt
     - [issue 1] patch integer overflows in image handling code
       (filter/image-*.c)
     - [issue 2] not applicable to this version
     - [issue 3] check for invalid URIs in browse packets
       (scheduler/dirsvc.c)
     - [issue 4] protect against negative length memcpy calls
       (scheduler/client.c, cups/http.c)
     - [issue 5] fix unsafe strncat calls
       (scheduler/job.c)
     - [issue 6] add check for zero-{width,height} GIF image
       (filter/image-gif.c)
     - [issue 7] detect errors and close file descriptors appropriately
       (scheduler/client.c)
   * Fix other instances of incorrect strncat usage
     (scheduler/client.c, scheduler/dirsvc.c,
     scheduler/log.c)
   * Include additional fixes from Debian maintainer, Jeff Licquia
     <licquia@debian.org>
     - Recover from file descriptor DoS more gracefully
     - Fix from upstream to return status indicating whether
       CloseClient was called, to prevent further processing
     - add missing CloseClient call which caused DoS to be
       re-introduced by above patch
Files:
 4dc208e40f63d9489096094c816e0aab 640 net extra cupsys_1.0.4-12.1.dsc
 d27ef43f96213e35a3fcd43aa14a4b5a 31087 net extra cupsys_1.0.4-12.1.diff.gz
 9c7717d9a987f034145e8a5de53e5cfa 2348864 net extra cupsys_1.0.4-12.1_sparc.deb
 654ebb56f716c96073902a978cc3b463 71318 net extra libcupsys1_1.0.4-12.1_sparc.deb
 06d607a21e84d6fb1b938ea3fcf48d43 89346 net extra libcupsys1-dev_1.0.4-12.1_sparc.deb
 7f89e6c646e2fd71fdc64f377d994359 16860 net extra cupsys-bsd_1.0.4-12.1_sparc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+KQzYW5ql+IAeqTIRAr8aAJoCOQ5LUp27vM9cSWOWI2UNc83YFgCguM1p
ijQP/JyjMpLD8qlMXDE3qXw=
=pdYJ
-----END PGP SIGNATURE-----
Accepted:
cupsys-bsd_1.0.4-12.1_sparc.deb
  to pool/main/c/cupsys/cupsys-bsd_1.0.4-12.1_sparc.deb
cupsys_1.0.4-12.1.diff.gz
  to pool/main/c/cupsys/cupsys_1.0.4-12.1.diff.gz
cupsys_1.0.4-12.1.dsc
  to pool/main/c/cupsys/cupsys_1.0.4-12.1.dsc
cupsys_1.0.4-12.1_sparc.deb
  to pool/main/c/cupsys/cupsys_1.0.4-12.1_sparc.deb
libcupsys1-dev_1.0.4-12.1_sparc.deb
  to pool/main/c/cupsys/libcupsys1-dev_1.0.4-12.1_sparc.deb
libcupsys1_1.0.4-12.1_sparc.deb
  to pool/main/c/cupsys/libcupsys1_1.0.4-12.1_sparc.deb