--- Begin Message ---
Package: cupsys
Version: 1.2.7-4etch2
Severity: important
[note: I believe this bug should be of a higher severity, since it is a
security bug (information disclosure) but the guidelines for severity do
not make it clear which severity I should choose. Feel free to inflate
the severity if you think it's warranted].
[note 2: I have tested that this bug applies in the version of cupsys in
sid, but am not able to specify multiple version numbers; will follow up
with a message to control@]
Cups logs contain potentially sensitive information, which should not be
exposed to normal users. Please make the logs readable by the adm group
only [ref /usr/share/doc/base-passwd/users-and-groups.txt.gz].
Thanks,
Dominic.
--- End Message ---
--- Begin Message ---
Source: cupsys
Source-Version: 1.3.6-2
We believe that the bug you reported is fixed in the latest version of
cupsys, which is due to be installed in the Debian FTP archive:
cupsys-bsd_1.3.6-2_i386.deb
to pool/main/c/cupsys/cupsys-bsd_1.3.6-2_i386.deb
cupsys-client_1.3.6-2_i386.deb
to pool/main/c/cupsys/cupsys-client_1.3.6-2_i386.deb
cupsys-common_1.3.6-2_all.deb
to pool/main/c/cupsys/cupsys-common_1.3.6-2_all.deb
cupsys-dbg_1.3.6-2_i386.deb
to pool/main/c/cupsys/cupsys-dbg_1.3.6-2_i386.deb
cupsys_1.3.6-2.diff.gz
to pool/main/c/cupsys/cupsys_1.3.6-2.diff.gz
cupsys_1.3.6-2.dsc
to pool/main/c/cupsys/cupsys_1.3.6-2.dsc
cupsys_1.3.6-2_i386.deb
to pool/main/c/cupsys/cupsys_1.3.6-2_i386.deb
libcupsimage2-dev_1.3.6-2_i386.deb
to pool/main/c/cupsys/libcupsimage2-dev_1.3.6-2_i386.deb
libcupsimage2_1.3.6-2_i386.deb
to pool/main/c/cupsys/libcupsimage2_1.3.6-2_i386.deb
libcupsys2-dev_1.3.6-2_i386.deb
to pool/main/c/cupsys/libcupsys2-dev_1.3.6-2_i386.deb
libcupsys2_1.3.6-2_i386.deb
to pool/main/c/cupsys/libcupsys2_1.3.6-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 469853@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated cupsys package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 16 Mar 2008 22:34:50 +0100
Source: cupsys
Binary: libcupsys2 libcupsimage2 cupsys cupsys-client libcupsys2-dev libcupsimage2-dev cupsys-bsd cupsys-common cupsys-dbg
Architecture: source all i386
Version: 1.3.6-2
Distribution: unstable
Urgency: low
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
cupsys - Common UNIX Printing System(tm) - server
cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
cupsys-common - Common UNIX Printing System(tm) - common files
cupsys-dbg - Common UNIX Printing System(tm) - debugging symbols
libcupsimage2 - Common UNIX Printing System(tm) - image libs
libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
libcupsys2 - Common UNIX Printing System(tm) - libs
libcupsys2-dev - Common UNIX Printing System(tm) - development files
Closes: 313536 376580 426519 469853
Changes:
cupsys (1.3.6-2) unstable; urgency=low
.
* debian/rules: Configure with default log file permissions 0640.
(Closes: #469853)
* debian/control: Mention "lpr" in the description of -bsd, for easier
apt-cache search catching. (Closes: #426519)
* Remove debian/NEWS, there's nothing new since Etch's release.
(Closes: #376580)
* Add debian/patches/pbmprint.dpatch: Fix printing of PBM files, thanks to
Eugeniy Meshcheryakov! (Closes: #313536)
* debian/cupsys.preinst: Only chown /var/run/cups if it exists. (LP #156634)
* Move scripting examples from cupsys to libcupsys2-dev. No need to install
those 1.3 MB by default on every system, this is much more developer
oriented. Mention this in the package description.
* debian/rules: Explicitly build with -fno-stack-protector on arm and armel,
since the compiler produces segfaulting binaries. Works around #469517.
* search_mime_files_in_usr_share.dpatch: Do not fatally fail if
DataDir/mime does not exist. This both makes much more sense (since
/etc/cups is the canonical dir which must exist, and /usr/share/cups/mime
is optional), and also unbreaks the test suite (which does not create this
directory by default).
* pidfile.dpatch: Specify PidFile in temporary directory in the self test's
cupsd.conf.
* debian/rules clean: Remove test suite HTML reports.
* Add testsuite-exit-code.dpatch: Exit with nonzero if the test suite fails,
so that it is easier to integrate into package building.
* pdftops-cups-1.4.dpatch: Update pdftops location in test suite, too, so
that it does not fail the PDF printing test. (Forwarded to STR #2759)
* debian/rules: Run test suite on build. This will fail the build if any
tests fail, so that problems on particular platforms will be caught
easily.
* debian/control: Add alternative (build-)depends to heimdal-dev.
* debian/rules, debian/cupsys.postinst: Call update-rc.d to not install stop
symlinks for runlevels 0 and 6, since they just needlessly slow down
shutdown. Remove the obsolete kill symlinks on upgrade. Patch adopted from
the Ubuntu branch, but without using the Ubuntu-only 'multiuser' mode of
update-rc.d.
* Add debian/local/apparmor-profile: AppArmor profile (taken from Ubuntu
branch). Install it in debian/rules if package is built on Ubuntu (tested
with lsb_release -is). Reload AppArmor in debian/cupsys.postinst if both
the cupsys profile and AppArmor itself are present.
* Add debian/patches/ubuntu-disable-browsing.dpatch: Disable Browsing by
default when building on Ubuntu.
* Add debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Set
default job error policy to "Retry", since it is less confusing and a
better default on desktop machines. This is only applied when building on
Ubuntu.
* debian/control: Add Vcs-{Svn,Browser} fields.
Files:
0563e7870a54c4153f715e7f70e9fe3d 1302 net optional cupsys_1.3.6-2.dsc
7623bb3c88197787c49d3ba88639f832 110980 net optional cupsys_1.3.6-2.diff.gz
06c8cdb103a04fc1b5aeae357d9772a6 1127226 net optional cupsys-common_1.3.6-2_all.deb
a09478cb81af3be407e3087cc51494c5 155754 libs optional libcupsys2_1.3.6-2_i386.deb
55f5b8bb5f880a2f75ed229afc44f2c4 91318 libs optional libcupsimage2_1.3.6-2_i386.deb
9df0aa0fd70a1d6beb69efc5746840d0 1918850 net optional cupsys_1.3.6-2_i386.deb
6f9d125336d7321073ad7a6dea5c1a78 78930 net optional cupsys-client_1.3.6-2_i386.deb
056d79d7849fc9002bf31ba3dbed761d 382830 libdevel optional libcupsys2-dev_1.3.6-2_i386.deb
e01bc1a91338b5e709bc7143fdc19140 59694 libdevel optional libcupsimage2-dev_1.3.6-2_i386.deb
f1f7d4401309e7bb2f39ff1105af3c78 34302 net extra cupsys-bsd_1.3.6-2_i386.deb
68591e873fe098e65bbcdf4fbf16df07 1059932 libdevel extra cupsys-dbg_1.3.6-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH3ZWRDecnbV4Fd/IRAmNZAJ0W0S+4kdxKgB+ZfdLYW6u9E/agrwCeNiRJ
9Ig10OJVUAkoH9C0epLUhaw=
=gw5d
-----END PGP SIGNATURE-----
--- End Message ---