[SECURITY] [DLA 2237-1] cups security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : cups
Version : 1.7.5-11+deb8u8
CVE ID : CVE-2019-8842 CVE-2020-3898
The following CVE(s) were reported against src:cups.
CVE-2019-8842
The `ippReadIO` function may under-read an extension field.
CVE-2020-3898
There was a heap based buffer overflow in libcups's
ppdFindOption() in ppd-mark.c.
The `ppdOpen` function did not handle invalid UI constraint.
`ppdcSource::get_resolution` function did not handle invalid
resolution strings.
For Debian 8 "Jessie", these problems have been fixed in version
1.7.5-11+deb8u8.
We recommend that you upgrade your cups packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl7dFWYACgkQgj6WdgbD
S5aQsg//ZXbv/VTGqUktLe5MxBv7w6doVzcosIliVOG6xdBmaYXLrAmJMcqo7YUv
ql96dFTMceUE1gLr7y0Zqt7TihSpxKMnjtFtVCduI2CjkktejmSCB3TrFS+iABjd
7rghoVESrlW4lBAKWXAPElIQp15EsLbqoK8OyAr37RTZcm0ejYeZMoGOEURt9EiD
s8kS21kBMLRb6DSrm3yr5Ivji/VFVZEDKLm4XuW6cMQjb9U9AQ86VM1q4YCVgd4/
a//nLJEv0SEgRjbs8psjzAmmeaF4s6nKjzxzqg9Ryhx0Luxt1uNhkNHydN7jhQpz
jchbjZ4rtKS2V+ZptH/hUpzhXOSS6sQ8tkZymJH/ISFVJA6MzbmObZFp8soq7bmA
ahyJAkfjCbvc5LHA5kItX68iWJPvz5jtby1LSPPDIdlEYSfC7ZtjxB/xYOGuezGm
LfpQCcUK7TTNIn/CEDcpYYnkDwZRd1UJAx8PYCa5wJ3HIFQtCBD8I3qkg21e0B+u
k2qKPKJduMNn15Uxc0MvGNwW52i6slsirJhtCjWCjaU72hlnFwk0kJ5XEX15aV1u
4kQihqUv9dMuQsgS8nHLRcE5Q/8HeXXxwcKODcYMrsoW6KLrVfBsIjIFFDt/TyWf
gkS47j2pII2VOL9MONEyujXCchtw2ZuqEoHK1+ln3xqQRMnoha4=
=U7cE
-----END PGP SIGNATURE-----
Reply to: