Bug#499842: CVE-2008-2940/-2941: security issues in hplip
fixed 499842 2.8.6-1
thanks
Both issues affect 1.6.10-3etch1 in etch.
Of the three patches, this one
https://bugzilla.redhat.com/attachment.cgi?id=312880
introduces a new config file /etc/hp/alerts.conf . I am not sure if
this is good for a stable security update, but it may be ok if the
feature is nearly never used. Maybe the maintainer could comment?
The code in lenny (2.8.6) is quite different. AFAICS, hpssd does not
open any listening socket anymore so CVE-2008-2941 is not an issue.
And the alert email code seems to be commented out, therefore
CVE-2008-2940 is also an non-issue.
Reply to: