[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#572940: marked as done (CVE-2010-0302: Incomplete security fix)



Your message dated Wed, 24 Mar 2010 16:17:44 +0000
with message-id <E1NuTH6-0003rl-TB@ries.debian.org>
and subject line Bug#572940: fixed in cups 1.4.2-10
has caused the Debian Bug report #572940,
regarding CVE-2010-0302: Incomplete security fix
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
572940: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572940
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: cups
Severity: important
Tags: security

The upstream patch for CVE-2009-3553 turned out to be incomplete. Please
see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0302 for a
description and a patch.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages cups depends on:
ii  adduser                      3.112       add and remove users and groups
pn  cups-common                  <none>      (no description available)
ii  debconf [debconf-2.0]        1.5.28      Debian configuration management sy
ii  ghostscript                  8.71~dfsg-2 The GPL Ghostscript PostScript/PDF
pn  libavahi-compat-libdnssd1    <none>      (no description available)
ii  libc6                        2.10.2-6    Embedded GNU C Library: Shared lib
ii  libcups2                     1.4.2-9.1   Common UNIX Printing System(tm) - 
ii  libcupsimage2                1.4.2-9.1   Common UNIX Printing System(tm) - 
ii  libdbus-1-3                  1.2.20-2    simple interprocess messaging syst
ii  libgnutls26                  2.8.5-2     the GNU TLS library - runtime libr
pn  libkrb53                     <none>      (no description available)
ii  libldap-2.4-2                2.4.17-2.1  OpenLDAP libraries
ii  libpam0g                     1.1.1-2     Pluggable Authentication Modules l
ii  libpaper1                    1.1.23+nmu2 library for handling paper charact
pn  libslp1                      <none>      (no description available)
ii  lsb-base                     3.2-23      Linux Standard Base 3.2 init scrip
ii  perl-modules                 5.10.1-11   Core Perl modules
ii  poppler-utils [xpdf-utils]   0.12.2-2.1  PDF utilitites (based on libpopple
ii  procps                       1:3.2.8-8   /proc file system utilities
ii  ssl-cert                     1.0.25      simple debconf wrapper for OpenSSL

Versions of packages cups recommends:
pn  avahi-utils               <none>         (no description available)
pn  cups-client               <none>         (no description available)
ii  foomatic-filters          4.0-20090509-1 OpenPrinting printer support - fil
pn  smbclient                 <none>         (no description available)

Versions of packages cups suggests:
pn  cups-bsd                  <none>         (no description available)
pn  cups-driver-gutenprint    <none>         (no description available)
pn  cups-pdf                  <none>         (no description available)
ii  foomatic-db               20090616-1     OpenPrinting printer support - dat
ii  foomatic-db-engine        4.0-20090509-2 OpenPrinting printer support - pro
pn  hplip                     <none>         (no description available)
pn  xpdf-korean | xpdf-japane <none>         (no description available)



--- End Message ---
--- Begin Message ---
Source: cups
Source-Version: 1.4.2-10

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive:

cups-bsd_1.4.2-10_amd64.deb
  to main/c/cups/cups-bsd_1.4.2-10_amd64.deb
cups-client_1.4.2-10_amd64.deb
  to main/c/cups/cups-client_1.4.2-10_amd64.deb
cups-common_1.4.2-10_all.deb
  to main/c/cups/cups-common_1.4.2-10_all.deb
cups-dbg_1.4.2-10_amd64.deb
  to main/c/cups/cups-dbg_1.4.2-10_amd64.deb
cups-ppdc_1.4.2-10_amd64.deb
  to main/c/cups/cups-ppdc_1.4.2-10_amd64.deb
cups_1.4.2-10.diff.gz
  to main/c/cups/cups_1.4.2-10.diff.gz
cups_1.4.2-10.dsc
  to main/c/cups/cups_1.4.2-10.dsc
cups_1.4.2-10_amd64.deb
  to main/c/cups/cups_1.4.2-10_amd64.deb
cupsddk_1.4.2-10_all.deb
  to main/c/cups/cupsddk_1.4.2-10_all.deb
cupsys-bsd_1.4.2-10_all.deb
  to main/c/cups/cupsys-bsd_1.4.2-10_all.deb
cupsys-client_1.4.2-10_all.deb
  to main/c/cups/cupsys-client_1.4.2-10_all.deb
cupsys-common_1.4.2-10_all.deb
  to main/c/cups/cupsys-common_1.4.2-10_all.deb
cupsys-dbg_1.4.2-10_all.deb
  to main/c/cups/cupsys-dbg_1.4.2-10_all.deb
cupsys_1.4.2-10_all.deb
  to main/c/cups/cupsys_1.4.2-10_all.deb
libcups2-dev_1.4.2-10_amd64.deb
  to main/c/cups/libcups2-dev_1.4.2-10_amd64.deb
libcups2_1.4.2-10_amd64.deb
  to main/c/cups/libcups2_1.4.2-10_amd64.deb
libcupscgi1-dev_1.4.2-10_amd64.deb
  to main/c/cups/libcupscgi1-dev_1.4.2-10_amd64.deb
libcupscgi1_1.4.2-10_amd64.deb
  to main/c/cups/libcupscgi1_1.4.2-10_amd64.deb
libcupsdriver1-dev_1.4.2-10_amd64.deb
  to main/c/cups/libcupsdriver1-dev_1.4.2-10_amd64.deb
libcupsdriver1_1.4.2-10_amd64.deb
  to main/c/cups/libcupsdriver1_1.4.2-10_amd64.deb
libcupsimage2-dev_1.4.2-10_amd64.deb
  to main/c/cups/libcupsimage2-dev_1.4.2-10_amd64.deb
libcupsimage2_1.4.2-10_amd64.deb
  to main/c/cups/libcupsimage2_1.4.2-10_amd64.deb
libcupsmime1-dev_1.4.2-10_amd64.deb
  to main/c/cups/libcupsmime1-dev_1.4.2-10_amd64.deb
libcupsmime1_1.4.2-10_amd64.deb
  to main/c/cups/libcupsmime1_1.4.2-10_amd64.deb
libcupsppdc1-dev_1.4.2-10_amd64.deb
  to main/c/cups/libcupsppdc1-dev_1.4.2-10_amd64.deb
libcupsppdc1_1.4.2-10_amd64.deb
  to main/c/cups/libcupsppdc1_1.4.2-10_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 572940@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 24 Mar 2010 16:50:56 +0100
Source: cups
Binary: libcups2 libcupsimage2 libcupscgi1 libcupsdriver1 libcupsmime1 libcupsppdc1 cups cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev libcupsdriver1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common cups-ppdc cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd cupsys-dbg cupsddk
Architecture: source all amd64
Version: 1.4.2-10
Distribution: unstable
Urgency: low
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description: 
 cups       - Common UNIX Printing System(tm) - server
 cups-bsd   - Common UNIX Printing System(tm) - BSD commands
 cups-client - Common UNIX Printing System(tm) - client programs (SysV)
 cups-common - Common UNIX Printing System(tm) - common files
 cups-dbg   - Common UNIX Printing System(tm) - debugging symbols
 cups-ppdc  - Common UNIX Printing System(tm) - PPD manipulation utilities
 cupsddk    - Common UNIX Printing System (transitional package)
 cupsys     - Common UNIX Printing System (transitional package)
 cupsys-bsd - Common UNIX Printing System (transitional package)
 cupsys-client - Common UNIX Printing System (transitional package)
 cupsys-common - Common UNIX Printing System (transitional package)
 cupsys-dbg - Common UNIX Printing System (transitional package)
 libcups2   - Common UNIX Printing System(tm) - Core library
 libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library
 libcupscgi1 - Common UNIX Printing System(tm) - CGI library
 libcupscgi1-dev - Common UNIX Printing System(tm) - Development files for CGI libra
 libcupsdriver1 - Common UNIX Printing System(tm) - Driver library
 libcupsdriver1-dev - Common UNIX Printing System(tm) - Development files driver librar
 libcupsimage2 - Common UNIX Printing System(tm) - Raster image library
 libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li
 libcupsmime1 - Common UNIX Printing System(tm) - MIME library
 libcupsmime1-dev - Common UNIX Printing System(tm) - Development files MIME library
 libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library
 libcupsppdc1-dev - Common UNIX Printing System(tm) - Development files PPD library
Closes: 549673 572940
Changes: 
 cups (1.4.2-10) unstable; urgency=low
 .
   [ Till Kamppeter ]
   * debian/local/filters/pdf-filters/pdftopdf/P2PDoc.cxx: Output of the
     pdftopdf filter was not completely complying with the Adobe specs for PDF.
     Thanks to Duncan Lock for finding and reporting the bug and supplying a
     fix (LP: #544636).
 .
   [ Martin Pitt ]
   * Add no-conffile-timestamp.dpatch: Disable time stamps in conffiles, to
     avoid ever-changing files in /etc. Thanks Joey Hess!
     (Rejected upstream, STR#3067; Closes: #549673)
   * CVE-2010-0393.dpatch: Replace with patch from upstream, and tag
     header. (Closes: #572940)
   * debian/local/filters/pdf-filters/*: Disable call of setErrorFunction() on
     armel for now, since armel's libpoppler is broken. This works around
     #575262, so that cups can finally go into testing again (which is more
     than overdue).
Checksums-Sha1: 
 185a5163c00e3733db42886edd61931df6ef32a1 2157 cups_1.4.2-10.dsc
 ae90fd6a1881b515ed2401f394889ec4252bea78 477585 cups_1.4.2-10.diff.gz
 43c72ea6d10fa69adaa17e483ab42ad0050f36f9 1445714 cups-common_1.4.2-10_all.deb
 88ea3e42c43bfdfb638dbc636c7131b44eed733e 71184 cupsys_1.4.2-10_all.deb
 e13bb356f76eade3fcdf702b150ea9b9abde4ba2 71206 cupsys-client_1.4.2-10_all.deb
 8c1312e774a1b796f0b9c73b9885c9db924e4be3 71208 cupsys-common_1.4.2-10_all.deb
 66cf4b824ec749aa30d5a37c204c2a51b5330a4c 71198 cupsys-bsd_1.4.2-10_all.deb
 4af84e23f877eb474b33b997702ad0af815b247e 71206 cupsys-dbg_1.4.2-10_all.deb
 6922266872fb56474011659cbc69976fcf65449a 71156 cupsddk_1.4.2-10_all.deb
 14c4d55f6e56598134a1df36da0237442e0e4e86 220976 libcups2_1.4.2-10_amd64.deb
 db59949a415bc423efd89db44616fb144d0b2c3d 119520 libcupsimage2_1.4.2-10_amd64.deb
 9ab98a048901bce09182b2fe70255e7efdabdbd2 97966 libcupscgi1_1.4.2-10_amd64.deb
 5d4d892ce8153b3fef4507100cfd3fef3ba8fa22 88588 libcupsdriver1_1.4.2-10_amd64.deb
 2cac8be36aec780332a7b765653e23a8b36e62a6 82004 libcupsmime1_1.4.2-10_amd64.deb
 5e4d0c3145cd064cdc2c27aa9e3e3210915595bf 126422 libcupsppdc1_1.4.2-10_amd64.deb
 765324044c3b6800df1a76a261b6859771645ad4 2015080 cups_1.4.2-10_amd64.deb
 bdeaf788c27dbca37a244c27e3f032a1e10e3d76 140148 cups-client_1.4.2-10_amd64.deb
 b2150cfc2c7cbcb9c414bfa40170fa92b0831a77 279776 libcups2-dev_1.4.2-10_amd64.deb
 2660d2395742bf5ad34ad97f950436fef06ffd7e 61326 libcupsimage2-dev_1.4.2-10_amd64.deb
 3f70ffee9f608073c56bfc9a5bd0d69712ee53ff 103414 libcupscgi1-dev_1.4.2-10_amd64.deb
 ce7dc736e99e31e0cf93935390c219c60e56e8a5 91568 libcupsdriver1-dev_1.4.2-10_amd64.deb
 33af96464410468917937489b41e953ea1a088b0 82460 libcupsmime1-dev_1.4.2-10_amd64.deb
 4900126fca4fd97ce96c9924e46583744dfa45c9 144436 libcupsppdc1-dev_1.4.2-10_amd64.deb
 a42bbb0cc8963b9fe80f872339ed528cb3bf9f61 44504 cups-bsd_1.4.2-10_amd64.deb
 cb634d5f6499f4de86ee1a309cdc4308e66a8955 100532 cups-ppdc_1.4.2-10_amd64.deb
 fe52fd58fd3926ea760ccdb75789c0655d993ecf 91392 cups-dbg_1.4.2-10_amd64.deb
Checksums-Sha256: 
 5f6ae46eab07e5be41bad48b84c0b5f71310af1fed4d0b2ba80cfe95e5c75585 2157 cups_1.4.2-10.dsc
 a9a32f9839cd3192c15cb9e689df774794bd767b777202144f9b166006f66758 477585 cups_1.4.2-10.diff.gz
 069ac3306b4294c493740393b11c80de005aa5781787e4d53c0e76162be5a228 1445714 cups-common_1.4.2-10_all.deb
 290f04c74968b1f1b6707a709ba7d4e7b548aa87f5851ce9dfc1db78b57de0a3 71184 cupsys_1.4.2-10_all.deb
 e7b62ac370819ec52949b8695bcd29c04eac85493b994af401ff4ad54b17a4a6 71206 cupsys-client_1.4.2-10_all.deb
 383feb0c248bdf574183824af0567546441b9cfbf370883c51e05bb39fea46b5 71208 cupsys-common_1.4.2-10_all.deb
 7a5e5f4ae70fac233a3ea9ae27495bf054e7455067b5859f275dde09fa7d7c70 71198 cupsys-bsd_1.4.2-10_all.deb
 104b2b5d52d60b84a7792ff70f69c41fb457bb7acc46009d1bb069b26b1f4d50 71206 cupsys-dbg_1.4.2-10_all.deb
 9d284d7601bc0d73150fbabf8cb92336d05cb8f2e92c7b133b241b16c81f384d 71156 cupsddk_1.4.2-10_all.deb
 40a5c3a2d8c115fdb2574830c95f1cdf65d1e82d43689eb486eb108fd55d0412 220976 libcups2_1.4.2-10_amd64.deb
 edcfd7008571670d2208904aec838882a222ca6058338977b2132cfcad6246dc 119520 libcupsimage2_1.4.2-10_amd64.deb
 c3d87b93fdcadfa03ba7e3e0688435c590f5b9addbd3579f3e347263a56d6b2d 97966 libcupscgi1_1.4.2-10_amd64.deb
 59d5c509fb92f7e304e9d00c831d61e28ba3e5201b75323ea657759458a21386 88588 libcupsdriver1_1.4.2-10_amd64.deb
 5a613c0232980f5315dd768ded49c2e71b6c443af93a0d7d444c073385627e76 82004 libcupsmime1_1.4.2-10_amd64.deb
 1287d24c5bebe60e081529a11ccc1f1161bedcefa193c3a38dfd1bbd25be1087 126422 libcupsppdc1_1.4.2-10_amd64.deb
 9798a228551081adb8100bf46f6843fa90ba98e05187f9be84f4b53713b9259a 2015080 cups_1.4.2-10_amd64.deb
 619da00d61239f275edd188cb75a85ec890b0fd6542a79effdbfe35a272244ac 140148 cups-client_1.4.2-10_amd64.deb
 573602ffddb4311f26da5c0f4c5dc57fb8f50d1fb41143e788328532a91d33b8 279776 libcups2-dev_1.4.2-10_amd64.deb
 e2e98bd3b2ed97d4d9ace754115d5abbb1ea4bceb9aaa953a6bd14c057599034 61326 libcupsimage2-dev_1.4.2-10_amd64.deb
 487455ab5ba29fc8f545428a8989dc805a274d4d72dfaef4b8cfdd700cd2f35e 103414 libcupscgi1-dev_1.4.2-10_amd64.deb
 4ad38228ed90d1056aa5788d66e174c9bda94946795a81e0aa4976d272e5f5ee 91568 libcupsdriver1-dev_1.4.2-10_amd64.deb
 49a25b961c07b3001af73a863b6c5001d9ecb055c438a48f4f1aaa098d1d960f 82460 libcupsmime1-dev_1.4.2-10_amd64.deb
 311e2d095209910775e3c36ff49dc584e8918332ec811ca8a921f6a3e2060c30 144436 libcupsppdc1-dev_1.4.2-10_amd64.deb
 fc0a08b06f56a7a9558e2c036deeee98c23d7f7ff21578ee580db40ca27dd85b 44504 cups-bsd_1.4.2-10_amd64.deb
 ccd7fb382e041588114bbc47a3e1c02d20a8d5a0ba1c4d4ee2647e1a770a8219 100532 cups-ppdc_1.4.2-10_amd64.deb
 b6a4ab10724dfef85dbca850c4876eb26514a888208bf032aa555c9fef5fb9d2 91392 cups-dbg_1.4.2-10_amd64.deb
Files: 
 3e8f28adf2ccb431aa3846dce20f0700 2157 net optional cups_1.4.2-10.dsc
 215f7f0c00a05f3547e12fef64b3bd9c 477585 net optional cups_1.4.2-10.diff.gz
 741ee683c72b0a6861975266693cf9be 1445714 net optional cups-common_1.4.2-10_all.deb
 47a9e35ce798daf58413abba30408cc7 71184 oldlibs extra cupsys_1.4.2-10_all.deb
 53a17f31240708b62c1a94518b912d29 71206 oldlibs extra cupsys-client_1.4.2-10_all.deb
 1d1003163566ac893c1af9d35337c7b0 71208 oldlibs extra cupsys-common_1.4.2-10_all.deb
 8f93b258575ff7a1485d46347fd6d0be 71198 oldlibs extra cupsys-bsd_1.4.2-10_all.deb
 fe69e00204f1c42b26b826713bc463b0 71206 oldlibs extra cupsys-dbg_1.4.2-10_all.deb
 7e74e6b0625407165dd1ac18b860e9ae 71156 oldlibs extra cupsddk_1.4.2-10_all.deb
 08a2018d92aabb5a64fdeaf533e9e2cf 220976 libs optional libcups2_1.4.2-10_amd64.deb
 867d287126119960ed06bf263b6b4987 119520 libs optional libcupsimage2_1.4.2-10_amd64.deb
 8f167e8d4b7f1b4b9fcd0a275c905b9d 97966 libs optional libcupscgi1_1.4.2-10_amd64.deb
 14d1951ddc3f4d018ba802f8a2cda974 88588 libs optional libcupsdriver1_1.4.2-10_amd64.deb
 ffffd6887cf03c2d661d75737c351623 82004 libs optional libcupsmime1_1.4.2-10_amd64.deb
 718c92f6df485495daa44050656efb61 126422 libs optional libcupsppdc1_1.4.2-10_amd64.deb
 803a410d6f16d3b7519d3ff8dd95fa5a 2015080 net optional cups_1.4.2-10_amd64.deb
 846356866053d9941912b8ed757d9545 140148 net optional cups-client_1.4.2-10_amd64.deb
 d3b283de76c1544c1e07702368ee0fd4 279776 libdevel optional libcups2-dev_1.4.2-10_amd64.deb
 a79dd373dd8376755e47f91a4e8fb16e 61326 libdevel optional libcupsimage2-dev_1.4.2-10_amd64.deb
 ba73b0a105baadd9dbaeda59f3b0bf9e 103414 libdevel optional libcupscgi1-dev_1.4.2-10_amd64.deb
 c01339e5d779995fbfa372966c188c9e 91568 libdevel optional libcupsdriver1-dev_1.4.2-10_amd64.deb
 7daef6864c7edf7012d8f755c49076fa 82460 libdevel optional libcupsmime1-dev_1.4.2-10_amd64.deb
 90cfe54c8b8cb2b8de1791d948daa253 144436 libdevel optional libcupsppdc1-dev_1.4.2-10_amd64.deb
 637d5f6993e01c8758f3a34697c6f703 44504 net extra cups-bsd_1.4.2-10_amd64.deb
 8e78ef839f0fe43fb3e89cff9630b3e6 100532 net optional cups-ppdc_1.4.2-10_amd64.deb
 83d814c9a73ea0895b07b5c6668167bb 91392 debug extra cups-dbg_1.4.2-10_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuqOVgACgkQDecnbV4Fd/LT2wCgraYaQLpO5X/oEl+Oa+RRYOHK
/6IAnAo5+876YNWjb6X1JryXo2VuikkM
=tqEk
-----END PGP SIGNATURE-----



--- End Message ---

Reply to: