Bug#572940: marked as done (CVE-2010-0302: Incomplete security fix)
Your message dated Fri, 09 Apr 2010 15:52:34 +0000
with message-id <E1O0GVW-0003SE-KC@ries.debian.org>
and subject line Bug#572940: fixed in cups 1.4.3-1
has caused the Debian Bug report #572940,
regarding CVE-2010-0302: Incomplete security fix
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
572940: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572940
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: CVE-2010-0302: Incomplete security fix
- From: Moritz Muehlenhoff <jmm@debian.org>
- Date: Sun, 07 Mar 2010 19:57:09 +0100
- Message-id: <20100307185709.22748.71105.reportbug@localhost.localdomain>
Package: cups
Severity: important
Tags: security
The upstream patch for CVE-2009-3553 turned out to be incomplete. Please
see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0302 for a
description and a patch.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages cups depends on:
ii adduser 3.112 add and remove users and groups
pn cups-common <none> (no description available)
ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy
ii ghostscript 8.71~dfsg-2 The GPL Ghostscript PostScript/PDF
pn libavahi-compat-libdnssd1 <none> (no description available)
ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib
ii libcups2 1.4.2-9.1 Common UNIX Printing System(tm) -
ii libcupsimage2 1.4.2-9.1 Common UNIX Printing System(tm) -
ii libdbus-1-3 1.2.20-2 simple interprocess messaging syst
ii libgnutls26 2.8.5-2 the GNU TLS library - runtime libr
pn libkrb53 <none> (no description available)
ii libldap-2.4-2 2.4.17-2.1 OpenLDAP libraries
ii libpam0g 1.1.1-2 Pluggable Authentication Modules l
ii libpaper1 1.1.23+nmu2 library for handling paper charact
pn libslp1 <none> (no description available)
ii lsb-base 3.2-23 Linux Standard Base 3.2 init scrip
ii perl-modules 5.10.1-11 Core Perl modules
ii poppler-utils [xpdf-utils] 0.12.2-2.1 PDF utilitites (based on libpopple
ii procps 1:3.2.8-8 /proc file system utilities
ii ssl-cert 1.0.25 simple debconf wrapper for OpenSSL
Versions of packages cups recommends:
pn avahi-utils <none> (no description available)
pn cups-client <none> (no description available)
ii foomatic-filters 4.0-20090509-1 OpenPrinting printer support - fil
pn smbclient <none> (no description available)
Versions of packages cups suggests:
pn cups-bsd <none> (no description available)
pn cups-driver-gutenprint <none> (no description available)
pn cups-pdf <none> (no description available)
ii foomatic-db 20090616-1 OpenPrinting printer support - dat
ii foomatic-db-engine 4.0-20090509-2 OpenPrinting printer support - pro
pn hplip <none> (no description available)
pn xpdf-korean | xpdf-japane <none> (no description available)
--- End Message ---
--- Begin Message ---
Source: cups
Source-Version: 1.4.3-1
We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive:
cups-bsd_1.4.3-1_amd64.deb
to main/c/cups/cups-bsd_1.4.3-1_amd64.deb
cups-client_1.4.3-1_amd64.deb
to main/c/cups/cups-client_1.4.3-1_amd64.deb
cups-common_1.4.3-1_all.deb
to main/c/cups/cups-common_1.4.3-1_all.deb
cups-dbg_1.4.3-1_amd64.deb
to main/c/cups/cups-dbg_1.4.3-1_amd64.deb
cups-ppdc_1.4.3-1_amd64.deb
to main/c/cups/cups-ppdc_1.4.3-1_amd64.deb
cups_1.4.3-1.diff.gz
to main/c/cups/cups_1.4.3-1.diff.gz
cups_1.4.3-1.dsc
to main/c/cups/cups_1.4.3-1.dsc
cups_1.4.3-1_amd64.deb
to main/c/cups/cups_1.4.3-1_amd64.deb
cups_1.4.3.orig.tar.gz
to main/c/cups/cups_1.4.3.orig.tar.gz
cupsddk_1.4.3-1_all.deb
to main/c/cups/cupsddk_1.4.3-1_all.deb
cupsys-bsd_1.4.3-1_all.deb
to main/c/cups/cupsys-bsd_1.4.3-1_all.deb
cupsys-client_1.4.3-1_all.deb
to main/c/cups/cupsys-client_1.4.3-1_all.deb
cupsys-common_1.4.3-1_all.deb
to main/c/cups/cupsys-common_1.4.3-1_all.deb
cupsys-dbg_1.4.3-1_all.deb
to main/c/cups/cupsys-dbg_1.4.3-1_all.deb
cupsys_1.4.3-1_all.deb
to main/c/cups/cupsys_1.4.3-1_all.deb
libcups2-dev_1.4.3-1_amd64.deb
to main/c/cups/libcups2-dev_1.4.3-1_amd64.deb
libcups2_1.4.3-1_amd64.deb
to main/c/cups/libcups2_1.4.3-1_amd64.deb
libcupscgi1-dev_1.4.3-1_amd64.deb
to main/c/cups/libcupscgi1-dev_1.4.3-1_amd64.deb
libcupscgi1_1.4.3-1_amd64.deb
to main/c/cups/libcupscgi1_1.4.3-1_amd64.deb
libcupsdriver1-dev_1.4.3-1_amd64.deb
to main/c/cups/libcupsdriver1-dev_1.4.3-1_amd64.deb
libcupsdriver1_1.4.3-1_amd64.deb
to main/c/cups/libcupsdriver1_1.4.3-1_amd64.deb
libcupsimage2-dev_1.4.3-1_amd64.deb
to main/c/cups/libcupsimage2-dev_1.4.3-1_amd64.deb
libcupsimage2_1.4.3-1_amd64.deb
to main/c/cups/libcupsimage2_1.4.3-1_amd64.deb
libcupsmime1-dev_1.4.3-1_amd64.deb
to main/c/cups/libcupsmime1-dev_1.4.3-1_amd64.deb
libcupsmime1_1.4.3-1_amd64.deb
to main/c/cups/libcupsmime1_1.4.3-1_amd64.deb
libcupsppdc1-dev_1.4.3-1_amd64.deb
to main/c/cups/libcupsppdc1-dev_1.4.3-1_amd64.deb
libcupsppdc1_1.4.3-1_amd64.deb
to main/c/cups/libcupsppdc1_1.4.3-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 572940@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated cups package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 09 Apr 2010 16:19:16 +0200
Source: cups
Binary: libcups2 libcupsimage2 libcupscgi1 libcupsdriver1 libcupsmime1 libcupsppdc1 cups cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev libcupsdriver1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common cups-ppdc cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd cupsys-dbg cupsddk
Architecture: source all amd64
Version: 1.4.3-1
Distribution: unstable
Urgency: low
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
cups - Common UNIX Printing System(tm) - server
cups-bsd - Common UNIX Printing System(tm) - BSD commands
cups-client - Common UNIX Printing System(tm) - client programs (SysV)
cups-common - Common UNIX Printing System(tm) - common files
cups-dbg - Common UNIX Printing System(tm) - debugging symbols
cups-ppdc - Common UNIX Printing System(tm) - PPD manipulation utilities
cupsddk - Common UNIX Printing System (transitional package)
cupsys - Common UNIX Printing System (transitional package)
cupsys-bsd - Common UNIX Printing System (transitional package)
cupsys-client - Common UNIX Printing System (transitional package)
cupsys-common - Common UNIX Printing System (transitional package)
cupsys-dbg - Common UNIX Printing System (transitional package)
libcups2 - Common UNIX Printing System(tm) - Core library
libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library
libcupscgi1 - Common UNIX Printing System(tm) - CGI library
libcupscgi1-dev - Common UNIX Printing System(tm) - Development files for CGI libra
libcupsdriver1 - Common UNIX Printing System(tm) - Driver library
libcupsdriver1-dev - Common UNIX Printing System(tm) - Development files driver librar
libcupsimage2 - Common UNIX Printing System(tm) - Raster image library
libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li
libcupsmime1 - Common UNIX Printing System(tm) - MIME library
libcupsmime1-dev - Common UNIX Printing System(tm) - Development files MIME library
libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library
libcupsppdc1-dev - Common UNIX Printing System(tm) - Development files PPD library
Closes: 572940
Changes:
cups (1.4.3-1) unstable; urgency=low
.
[ Till Kamppeter ]
* debian/filters/pstopdf: Use "-dUseCIEColor" for the Ghostscript call in the
pstopdf filter, to eliminate the warning "Set UseCIEColor for
UseDeviceIndependentColor to work properly.".
.
[ Martin Pitt ]
* New upstream bug fix release. See http://www.cups.org/articles.php?L594
for details.
* Drop CVE-2010-0393.dpatch, upstream now.
* Update usb-backend-both-usblp-and-libusb.dpatch for new version.
* select_use_after_free.dpatch: Add additional fix by Tim Waugh and Vincent
Danen for CVE-2010-0302, and update tag header. (Closes: #572940)
Checksums-Sha1:
e1dba52558dbcc30ccf95f68faa5f659f54a57a4 2153 cups_1.4.3-1.dsc
678bc0410f9eee79aa6856d4924ea2ae2f2f60ec 5367387 cups_1.4.3.orig.tar.gz
821cd5b03541cfc7aa56fe0972f2ad1fea43b02a 476717 cups_1.4.3-1.diff.gz
29a7e95ef82b7edfe5c0aefc00f782ee0b5b59d2 1486096 cups-common_1.4.3-1_all.deb
3296619793e96faf0516566dc12d19a189c220ae 72506 cupsys_1.4.3-1_all.deb
9e5877c964a27fcf7fa480ce56b87d5362b488f0 72532 cupsys-client_1.4.3-1_all.deb
b7480d0bbdb9ee98a5ac6d33600d96a9da1dcf27 72528 cupsys-common_1.4.3-1_all.deb
666862292c1d4790fae045d781f43ecc42433e15 72522 cupsys-bsd_1.4.3-1_all.deb
754d103f1b03a5f6a1f5758beb29be8ebf4a3d23 72532 cupsys-dbg_1.4.3-1_all.deb
a1ba8edc06257c0ebce9ae40e105888bebc6f149 72486 cupsddk_1.4.3-1_all.deb
16dd23b158f8a3b762d505927fae903940e983f1 222892 libcups2_1.4.3-1_amd64.deb
abd614966ee10827718f33a8f1cf0ce49bb5d037 120814 libcupsimage2_1.4.3-1_amd64.deb
66fa4ffc5d4e9c52798eba2ac904d01e7d0f1360 99220 libcupscgi1_1.4.3-1_amd64.deb
074cca755fb36326d0de446befec5bf2c8de446a 89800 libcupsdriver1_1.4.3-1_amd64.deb
5032f2316e2a710bde6808cc9b5f800302f1fdec 83250 libcupsmime1_1.4.3-1_amd64.deb
745b540a854a005a30cf05da9f754cdce49c7613 127686 libcupsppdc1_1.4.3-1_amd64.deb
6e10824b776a25946a9db416f0d54f9da03db984 2055678 cups_1.4.3-1_amd64.deb
dadc5f1feed7cc90a40ed765e46802f8d848468f 140124 cups-client_1.4.3-1_amd64.deb
284dbb058f2fda88a62bdbc0891c0d219913f691 281586 libcups2-dev_1.4.3-1_amd64.deb
108f7f07bfb122ee791aa0f5a39f78ae2f62a19f 61328 libcupsimage2-dev_1.4.3-1_amd64.deb
c95578d757ca24e485bbba2fb6569ba1da16af25 104690 libcupscgi1-dev_1.4.3-1_amd64.deb
6827be8bdcfced7e58ac40595c077788eb051668 92882 libcupsdriver1-dev_1.4.3-1_amd64.deb
d03753befe817091309d881b7c16e5bc27a861c8 83722 libcupsmime1-dev_1.4.3-1_amd64.deb
9efd662676aafe0587f86af6211522f5a55e1b07 145742 libcupsppdc1-dev_1.4.3-1_amd64.deb
2ff1502643e63f383e5f462cf7fab3f605571fdc 44674 cups-bsd_1.4.3-1_amd64.deb
bed6e2c4ea140ee986fb617d81d8a5f0aa1b0a1d 102024 cups-ppdc_1.4.3-1_amd64.deb
2c4df27395a807975978b515ad993a760c2ea1d6 92662 cups-dbg_1.4.3-1_amd64.deb
Checksums-Sha256:
8843e9209183d7c693e38608ec4864d3f8c97313b607c0cec0d261f38da99880 2153 cups_1.4.3-1.dsc
a796fa8c58dad6a1e458cae843c1bf3ee4d4ea77e00f82799b722f20f73f4887 5367387 cups_1.4.3.orig.tar.gz
6a6996edb7c6790ebf2aedd5b423ac4c4f416b836f43a28a9b597023c85cb78e 476717 cups_1.4.3-1.diff.gz
03f793e09d32e913c218263c088ee6e17d3395da119478125aced964f5216f16 1486096 cups-common_1.4.3-1_all.deb
09524d701b71b7e6a8f9e4d5519462bd125bd04f7a7dae1ad95aaf025401d459 72506 cupsys_1.4.3-1_all.deb
777d3689cdea774ba35f24096a0de0fea7d2a1256df7ca6f9e1bb9391e2a5eed 72532 cupsys-client_1.4.3-1_all.deb
b7a41bd89c1eae43de4f8c2faba2e22cd8cfd93f444ec481eea1ae2cc2f42da2 72528 cupsys-common_1.4.3-1_all.deb
02f825ad90789d87ae6bbc2bcd218edb6d0c1f60c358bbc5d0fc5a03e82b9f41 72522 cupsys-bsd_1.4.3-1_all.deb
55d974f6508209a8802030402c45377cd9d3936064bf7718cf9bba0f02d0dce5 72532 cupsys-dbg_1.4.3-1_all.deb
a4448569178b37e0aeee0e806165a6936ad9a1ffdfde3bfef16afd45715d8726 72486 cupsddk_1.4.3-1_all.deb
68e69dc9cca4acbcc880fcb7ece66cc2812b20a767b246a11e560af37bed7d4f 222892 libcups2_1.4.3-1_amd64.deb
223c4c1d8e4b61fceb9067cb3e6386d9b4d9fec3da58b32116957f24c8284b22 120814 libcupsimage2_1.4.3-1_amd64.deb
4b1448898c9b7403f036c69d5dacf1d9dd6f9b0828c6cdf34cc4c9522d84b37c 99220 libcupscgi1_1.4.3-1_amd64.deb
5da01a6e9ca65a5347e94a3c5690dacd1e8fd5d5861a175c006ff5b317d9f108 89800 libcupsdriver1_1.4.3-1_amd64.deb
0b2f91740c2eeaf95930aa3e2c23eadb0ed5f2eabb520f533fe59fc0e7e24764 83250 libcupsmime1_1.4.3-1_amd64.deb
31746e7b28e7129e73b7d292dad8fdf0b0e4229e611f1e343aeb87638e741ac0 127686 libcupsppdc1_1.4.3-1_amd64.deb
e90e698ccb47ff30dc9266d89732b10bed2f78a11627ff5fd2e370e8814eefab 2055678 cups_1.4.3-1_amd64.deb
aacaf6ac48b7dc1d7ba9788ab72e4504f052c7bc5223f2d88f5ddc5d08c498f4 140124 cups-client_1.4.3-1_amd64.deb
4a44524b13a2dd87a01fe73604e6168c974390db28b3a361238ccc54ff297542 281586 libcups2-dev_1.4.3-1_amd64.deb
d4f46ed82374df7f2777b3764184fb7aead509861b88bd419e7a99de5e38f17b 61328 libcupsimage2-dev_1.4.3-1_amd64.deb
44465838d26b6efa888912f0496849a3a6131237225ea7a3fe0ab1db24ae5fa6 104690 libcupscgi1-dev_1.4.3-1_amd64.deb
f6a27edec1e54f0def6d9d68f26bb27bba3d3b14fae105105c9e87c86c5e52e8 92882 libcupsdriver1-dev_1.4.3-1_amd64.deb
6621ff3ccc9d78ff6d50181247921ac35b5bb082476e179741fc06da3f611cbe 83722 libcupsmime1-dev_1.4.3-1_amd64.deb
946621f7421ef23ea0febd77cdfd1b30585cef3a3b95dc612ca044e57b0e266b 145742 libcupsppdc1-dev_1.4.3-1_amd64.deb
cc817dd2ab7402cc8e0bfdc51ac1060d7e4cfec75e5435d35a9fa44302c1e897 44674 cups-bsd_1.4.3-1_amd64.deb
753a4da7c2d3e7ec529cd18ec368518183104eab5d5a3e17694893f0026f2730 102024 cups-ppdc_1.4.3-1_amd64.deb
f17c612d81f2ee0e744311b61d588b28883511e7e8f6281e4a1071532c17ee70 92662 cups-dbg_1.4.3-1_amd64.deb
Files:
c04fbccb8513b890ec910ae0175c5942 2153 net optional cups_1.4.3-1.dsc
947aefd4849d0da93b5a8a99673f62b2 5367387 net optional cups_1.4.3.orig.tar.gz
beba7971d148fe090a90aa81ccce9805 476717 net optional cups_1.4.3-1.diff.gz
d49bcc25f48d18def23e5103645a203c 1486096 net optional cups-common_1.4.3-1_all.deb
3a7a4b12497cded6b5cebc37916b8f53 72506 oldlibs extra cupsys_1.4.3-1_all.deb
39ff2f3a2e34df024e804b6b5570e6a4 72532 oldlibs extra cupsys-client_1.4.3-1_all.deb
274330640b9f9b66c0533eed9ee789ca 72528 oldlibs extra cupsys-common_1.4.3-1_all.deb
2bcb79175b7c96bfdcd10073b3df4a51 72522 oldlibs extra cupsys-bsd_1.4.3-1_all.deb
66f22019938c4e2fbb13c20d597cd514 72532 oldlibs extra cupsys-dbg_1.4.3-1_all.deb
deedd2e215380cc235633c7b3f212d0e 72486 oldlibs extra cupsddk_1.4.3-1_all.deb
8a67497df9a9d796490f12c013c611ce 222892 libs optional libcups2_1.4.3-1_amd64.deb
f04e52b028a2625563d6949f53200cf2 120814 libs optional libcupsimage2_1.4.3-1_amd64.deb
b5884d9b3e3e33307adda41d96918281 99220 libs optional libcupscgi1_1.4.3-1_amd64.deb
1b290bf7cc79ed4b06ea0ff8f70d6631 89800 libs optional libcupsdriver1_1.4.3-1_amd64.deb
42eb6d75f3e51e1bf84f6c0a07229956 83250 libs optional libcupsmime1_1.4.3-1_amd64.deb
f9a3bc0379b228cae334a1cdd4264a69 127686 libs optional libcupsppdc1_1.4.3-1_amd64.deb
c545ec0676490d22559c623a63b3af92 2055678 net optional cups_1.4.3-1_amd64.deb
0b4e85828f03deef5517f9885780052e 140124 net optional cups-client_1.4.3-1_amd64.deb
77eba9a60a1624f212c84125e46a7b82 281586 libdevel optional libcups2-dev_1.4.3-1_amd64.deb
31c7d9dea38223cf6dd41a0817a2159f 61328 libdevel optional libcupsimage2-dev_1.4.3-1_amd64.deb
1a79baa44042b2af35a12b2be12339d6 104690 libdevel optional libcupscgi1-dev_1.4.3-1_amd64.deb
38207b0ca19014cf8c9165698aa53811 92882 libdevel optional libcupsdriver1-dev_1.4.3-1_amd64.deb
dc9d843435f8ac59783e6ffc8b628066 83722 libdevel optional libcupsmime1-dev_1.4.3-1_amd64.deb
fa573deeb3a8751bdb8ba879d0d11923 145742 libdevel optional libcupsppdc1-dev_1.4.3-1_amd64.deb
34a95db2d2fe784c3088534ab71ce13d 44674 net extra cups-bsd_1.4.3-1_amd64.deb
ce6bb78fa46b858448ea155d0d4a1650 102024 net optional cups-ppdc_1.4.3-1_amd64.deb
ee44814f91144a1b1f381fda19c3fe96 92662 debug extra cups-dbg_1.4.3-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAku/OwAACgkQDecnbV4Fd/IozACfar5b4KddnOYHOoqv6zRi9KCj
R40An1Z76CZquK1k/XfF1OUnClDojbMG
=g21I
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: