Hi, The cups upload that mentions this bug fixed CVE-2010-0393 rather than what this report is about: CVE-2010-0302. Updated patches for CVE-2010-0302 are in the Ubuntu cups package: http://launchpadlibrarian.net/40099705/cups_1.4.1-5ubuntu2.3_1.4.1-5ubuntu2.4.diff.gz See the adjusted debian/patches/CVE-2009-3553.dpatch Thanks! -Kees -- Kees Cook @debian.org