Your message dated Tue, 11 Mar 2008 13:17:05 +0000 with message-id <E1JZ4Lp-0002rV-A3@ries.debian.org> and subject line Bug#467653: fixed in cupsys 1.3.5-1+lenny1 has caused the Debian Bug report #467653, regarding cupsys: CVE-2008-0882 remote denial of service to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
467653: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=467653
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: cupsys: CVE-2008-0882 remote denial of service
- From: Nico Golde <nion@debian.org>
- Date: Tue, 26 Feb 2008 19:07:50 +0100
- Message-id: <20080226180750.GA25432@ngolde.de>
Package: cupsys
Version: 1.3.5-1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for cupsys.

CVE-2008-0882[0]:
| Double free vulnerability in the process_browse_data function in CUPS
| 1.3.5 allows remote attackers to cause a denial of service (daemon
| crash) and possibly execute arbitrary code via crafted packets to the
| cupsd port (631/udp), related to an unspecified manipulation of a
| remote printer. NOTE: some of these details are obtained from third
| party information.

If you fix this vulnerability please also include the CVE id in your changelog entry.

Patches can be found on:
http://www.cups.org/str.php?L2656

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882

Kind regards
Nico

--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
- To: 467653-close@bugs.debian.org
- Subject: Bug#467653: fixed in cupsys 1.3.5-1+lenny1
- From: Nico Golde <nion@debian.org>
- Date: Tue, 11 Mar 2008 13:17:05 +0000
- Message-id: <E1JZ4Lp-0002rV-A3@ries.debian.org>
Source: cupsys
Source-Version: 1.3.5-1+lenny1

We believe that the bug you reported is fixed in the latest version of cupsys, which is due to be installed in the Debian FTP archive:

cupsys-bsd_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/cupsys-bsd_1.3.5-1+lenny1_i386.deb
cupsys-client_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/cupsys-client_1.3.5-1+lenny1_i386.deb
cupsys-common_1.3.5-1+lenny1_all.deb
  to pool/main/c/cupsys/cupsys-common_1.3.5-1+lenny1_all.deb
cupsys-dbg_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/cupsys-dbg_1.3.5-1+lenny1_i386.deb
cupsys_1.3.5-1+lenny1.diff.gz
  to pool/main/c/cupsys/cupsys_1.3.5-1+lenny1.diff.gz
cupsys_1.3.5-1+lenny1.dsc
  to pool/main/c/cupsys/cupsys_1.3.5-1+lenny1.dsc
cupsys_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/cupsys_1.3.5-1+lenny1_i386.deb
libcupsimage2-dev_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/libcupsimage2-dev_1.3.5-1+lenny1_i386.deb
libcupsimage2_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/libcupsimage2_1.3.5-1+lenny1_i386.deb
libcupsys2-dev_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/libcupsys2-dev_1.3.5-1+lenny1_i386.deb
libcupsys2_1.3.5-1+lenny1_i386.deb
  to pool/main/c/cupsys/libcupsys2_1.3.5-1+lenny1_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 467653@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated cupsys package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org)

Format: 1.7
Date: Mon, 10 Mar 2008 16:28:06 +0100
Source: cupsys
Binary: libcupsys2 libcupsimage2 cupsys cupsys-client libcupsys2-dev libcupsimage2-dev cupsys-bsd cupsys-common cupsys-dbg
Architecture: source all i386
Version: 1.3.5-1+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description:
 cupsys - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 cupsys-common - Common UNIX Printing System(tm) - common files
 cupsys-dbg - Common UNIX Printing System(tm) - debugging symbols
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
Closes: 467653
Changes:
 cupsys (1.3.5-1+lenny1) testing-security; urgency=high
 .
 * Non-maintainer upload by security team.
 * Add CVE-2008-0882.dpatch to fix a double free programming error in the
   process_browse_data function that allows remote users to trigger a daemon
   crash and possibly execute arbitrary code (Closes: #467653).
--- End Message ---