Bug#507183: marked as done (cups: integer overflow via validation code in of the image size)



Your message dated Wed, 17 Dec 2008 21:02:52 +0000
with message-id <E1LD3Xg-0006ej-RO@ries.debian.org>
and subject line Bug#507183: fixed in cupsys 1.2.7-4etch6
has caused the Debian Bug report #507183,
regarding cups: integer overflow via validation code in of the image size
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
507183: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507183
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: cups
Version: 1.3.8-1lenny3
Severity: grave
Tags: security, patch
Justification: user security hole

Hi Martin

Cups upstream just fixed another integer overflow[0], which was introduced
due to an incomplete fix for CVE-2008-1722. The upstream commit can be
found here[1]. A CVE id has been requested and I'll post it as soon as
it is available.

Cheers
Steffen

[0]: http://www.cups.org/str.php?L2974

[1]: http://www.cups.org/strfiles/2974/str2974.patch



--- End Message ---
--- Begin Message ---
Source: cupsys
Source-Version: 1.2.7-4etch6

We believe that the bug you reported is fixed in the latest version of
cupsys, which is due to be installed in the Debian FTP archive:

cupsys-bsd_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_i386.deb
cupsys-client_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/cupsys-client_1.2.7-4etch6_i386.deb
cupsys-common_1.2.7-4etch6_all.deb
  to pool/main/c/cupsys/cupsys-common_1.2.7-4etch6_all.deb
cupsys-dbg_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_i386.deb
cupsys_1.2.7-4etch6.diff.gz
  to pool/main/c/cupsys/cupsys_1.2.7-4etch6.diff.gz
cupsys_1.2.7-4etch6.dsc
  to pool/main/c/cupsys/cupsys_1.2.7-4etch6.dsc
cupsys_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/cupsys_1.2.7-4etch6_i386.deb
libcupsimage2-dev_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_i386.deb
libcupsimage2_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/libcupsimage2_1.2.7-4etch6_i386.deb
libcupsys2-dev_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_i386.deb
libcupsys2-gnutls10_1.2.7-4etch6_all.deb
  to pool/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch6_all.deb
libcupsys2_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/libcupsys2_1.2.7-4etch6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 507183@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <white@debian.org> (supplier of updated cupsys package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 30 Nov 2008 10:08:59 +0000
Source: cupsys
Binary: libcupsys2-dev cupsys libcupsys2 libcupsimage2 cupsys-common cupsys-client cupsys-dbg cupsys-bsd libcupsys2-gnutls10 libcupsimage2-dev
Architecture: source i386 all
Version: 1.2.7-4etch6
Distribution: stable-security
Urgency: high
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Steffen Joeris <white@debian.org>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 cupsys-common - Common UNIX Printing System(tm) - common files
 cupsys-dbg - Common UNIX Printing System(tm) - debugging symbols
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
 libcupsys2-gnutls10 - Common UNIX Printing System(tm) - dummy libs for transition
Closes: 507183
Changes: 
 cupsys (1.2.7-4etch6) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix potential integer overflow in image validation code
     (STR #2974, Closes: #507183)
Files: 
 a7198b7e0d7724a972d4027e805b1387 1092 net optional cupsys_1.2.7-4etch6.dsc
 1321ea49cfa8c06d619759acb00b0b2e 108940 net optional cupsys_1.2.7-4etch6.diff.gz
 9e98540d35e8a7aef76a1042cc4befe4 46256 libs optional libcupsys2-gnutls10_1.2.7-4etch6_all.deb
 4abe699f9d2a8f866b1e323934c6172a 917900 net optional cupsys-common_1.2.7-4etch6_all.deb
 41344ee4c268c095b89c8decc0e2df68 161274 libs optional libcupsys2_1.2.7-4etch6_i386.deb
 86517be38ba93afd954091ad5643c65b 87310 libs optional libcupsimage2_1.2.7-4etch6_i386.deb
 c0cefa71d7f58abd666c2c1459d3ede9 1556170 net optional cupsys_1.2.7-4etch6_i386.deb
 77c4aef7c78be537c09bc689ad1f5139 79702 net optional cupsys-client_1.2.7-4etch6_i386.deb
 51b8758e0338e1ec6ec9d74ea5f960ef 137796 libdevel optional libcupsys2-dev_1.2.7-4etch6_i386.deb
 4fccf1dfd78b230033407a914760d3f5 53240 libdevel optional libcupsimage2-dev_1.2.7-4etch6_i386.deb
 e464d81d46968426796a8182e6418691 36250 net extra cupsys-bsd_1.2.7-4etch6_i386.deb
 ec73926b9d49c2790c6381a927ad20a2 997624 libdevel extra cupsys-dbg_1.2.7-4etch6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkycjwACgkQ62zWxYk/rQcPJwCfRWfdwIb+oECLuUNMqPr/rnz6
DAYAoLWsa2/BSwNLUcK94yD5g3k+Y8Hu
=bewn
-----END PGP SIGNATURE-----



--- End Message ---