Your message dated Fri, 25 Nov 2011 13:23:10 +0100
with message-id <201111251323.19384.odyx@debian.org>
and subject line Re: #635549: Two hplip security issues
has caused the Debian Bug report #635549,
regarding Two security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
635549: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635549
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Two security issues
- From: Moritz Muehlenhoff <jmm@debian.org>
- Date: Tue, 26 Jul 2011 23:07:01 +0200
- Message-id: <20110726210701.1385.59672.reportbug@pisco.westfalen.local>
Package: hplip
Severity: grave
Tags: security

Two security issues have been reported in hplip:

1. Shell command injection in foomatic-rip-hplip:
https://bugzilla.novell.com/show_bug.cgi?id=698451
This is CVE-2011-2697

2. Insecure tempfile handling:
https://bugzilla.novell.com/show_bug.cgi?id=704608
https://bugs.launchpad.net/hplip/+bug/809904
This is CVE-2011-2722

This should be fixed in a DSA, could you prepare updated packages?

Cheers,
Moritz

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
- To: 635549-done@bugs.debian.org
- Cc: Moritz Muehlenhoff <jmm@debian.org>
- Subject: Re: #635549: Two hplip security issues
- From: Didier Raboud <odyx@debian.org>
- Date: Fri, 25 Nov 2011 13:23:10 +0100
- Message-id: <201111251323.19384.odyx@debian.org>
- In-reply-to: <201111251216.08930.odyx@debian.org>
- References: <20110726210701.1385.59672.reportbug@pisco.westfalen.local> <201111251216.08930.odyx@debian.org>
Version: 3.11.10-1

On Friday, 25 November 2011 12.16:06, Didier Raboud wrote:
> As far as I can see, the culprit file is foomatic-rip-hplip, which is only
> shipped in hplip-ppds, and only in stable; testing and unstable versions
> rely on the fixed foomatic-rip from the foomatic-filters package.
(…)
> This seems to be fixed in 3.11.10, hence again, only stable is affected.

Meh. So it's "-done" in the version currently in testing.

--
OdyX

Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---