
Bug#635549: marked as done (Two security issues)



Your message dated Fri, 25 Nov 2011 13:23:10 +0100
with message-id <201111251323.19384.odyx@debian.org>
and subject line Re: #635549: Two hplip security issues
has caused the Debian Bug report #635549,
regarding Two security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
635549: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635549
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: hplip
Severity: grave
Tags: security

Two security issues have been reported in hplip:

1. Shell command injection in foomatic-rip-hplip: 
https://bugzilla.novell.com/show_bug.cgi?id=698451
This is CVE-2011-2697

2. Insecure tempfile handling:
https://bugzilla.novell.com/show_bug.cgi?id=704608
https://bugs.launchpad.net/hplip/+bug/809904
This is CVE-2011-2722

This should be fixed in a DSA, could you prepare updated
packages?

Cheers,
        Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--- End Message ---
--- Begin Message ---
Version: 3.11.10-1

On Friday, 25 November 2011 12.16:06, Didier Raboud wrote:
> As far as I can see, the culprit file is foomatic-rip-hplip, which is only
> shipped in hplip-ppds, and only in stable; testing and unstable versions
> rely on the fixed foomatic-rip from the foomatic-filters package.
(…)
> This seems to be fixed in 3.11.10, hence again, only stable is affected.

Meh. So it's "-done" in the version currently in testing.
-- 
OdyX



--- End Message ---
