[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#635549: #635549: Two hplip security issues



found 635549 3.10.6-2
notfound 635549 3.11.10
thanks

Hi Moritz,

Le mardi, 26 juillet 2011 23.07:01, Moritz Muehlenhoff a écrit :
> 
> Two security issues have been reported in hplip:
> 
> 1. Shell command injection in foomatic-rip-hplip:
> https://bugzilla.novell.com/show_bug.cgi?id=698451
> This is CVE-2011-2697

As far as I can see, the culprit file is foomatic-rip-hplip, which is only 
shipped in hplip-ppds, and only in stable; testing and unstable versions rely 
on the fixed foomatic-rip from the foomatic-filters package.

> 2. Insecure tempfile handling:
> https://bugzilla.novell.com/show_bug.cgi?id=704608
> https://bugs.launchpad.net/hplip/+bug/809904
> This is CVE-2011-2722

This seems to be fixed in 3.11.10, hence again, only stable is affected.

> This should be fixed in a DSA, could you prepared updated
> packages?

I will try to, but would be happier if the HPLIP team could do this security 
upload themselves (4 months without a single response; meh).

Cheers,

--
OdyX

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: