2008/11/20 Martin Pitt <mpitt@debian.org>: > Raphael Geissert [2008-11-19 16:13 -0600]: >> I did manage to reproduce it in 1.3.8-1lenny2, so whatever was changed >> didn't actually fix the bug. > > Hm, all I get is a hanging browser, because it spits out hundreds of > empty message boxes. I wouldn't exactly call that a browser > vulnerability, it's just a JavaScript lifelock, but it didn't cause > cups to crash here. If I log into the web interface before running the exploit it does crash cups (and if I don't login at least konqueror doesn't hang:). > > Did you get the same? On the first execution of the exploit it only inserts 95 feeds and doesn't crash, but if I re run the exploit (with a different feed name) when after it reaches 100 feeds in total (first run + second run) cupsd crashes. > Can you please run "cupsctl --debug-logging", > then run the reproducer, and attach /var/log/cups/error_log > afterwards? Done > > Thanks, > > Martin > > -- > Martin Pitt | http://www.piware.de > Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) > Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net Lily Tomlin - "The trouble with the rat race is that even if you win, you're still a rat."
Attachment:
error_log.gz
Description: GNU Zip compressed data