found 635549 3.10.6-2 notfound 635549 3.11.10 thanks Hi Moritz, Le mardi, 26 juillet 2011 23.07:01, Moritz Muehlenhoff a écrit : > > Two security issues have been reported in hplip: > > 1. Shell command injection in foomatic-rip-hplip: > https://bugzilla.novell.com/show_bug.cgi?id=698451 > This is CVE-2011-2697 As far as I can see, the culprit file is foomatic-rip-hplip, which is only shipped in hplip-ppds, and only in stable; testing and unstable versions rely on the fixed foomatic-rip from the foomatic-filters package. > 2. Insecure tempfile handling: > https://bugzilla.novell.com/show_bug.cgi?id=704608 > https://bugs.launchpad.net/hplip/+bug/809904 > This is CVE-2011-2722 This seems to be fixed in 3.11.10, hence again, only stable is affected. > This should be fixed in a DSA, could you prepared updated > packages? I will try to, but would be happier if the HPLIP team could do this security upload themselves (4 months without a single response; meh). Cheers, -- OdyX
Description: This is a digitally signed message part.