Bug#499842: CVE-2008-2940/-2941: security issues in hplip

To: 499842@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Bug#499842: CVE-2008-2940/-2941: security issues in hplip
From: Stefan Fritsch <sf@sfritsch.de>
Date: Fri, 3 Oct 2008 20:40:29 +0200
Message-id: <[🔎] 200810032040.30027.sf@sfritsch.de>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 499842@bugs.debian.org

fixed 499842 2.8.6-1
thanks

Both issues affect 1.6.10-3etch1 in etch.

Of the three patches, this one

https://bugzilla.redhat.com/attachment.cgi?id=312880

introduces a new config file /etc/hp/alerts.conf . I am not sure if 
this is good for a stable security update, but it may be ok if the 
feature is nearly never used. Maybe the maintainer could comment?


The code in lenny (2.8.6) is quite different. AFAICS, hpssd does not 
open any listening socket anymore so CVE-2008-2941 is not an issue. 
And the alert email code seems to be commented out, therefore 
CVE-2008-2940 is also an non-issue.

Reply to:

Follow-Ups:
- Processed: CVE-2008-2940/-2941: security issues in hplip
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: CVE-2008-2940/-2941: security issues in hplip
Next by Date: Processed: bug 499842 is forwarded to https://bugs.launchpad.net/hplip/+bug/273370
Next by thread: Processed: CVE-2008-2940/-2941: security issues in hplip
Index(es):
- Date
- Thread