[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#635549: marked as done (Two security issues)

Your message dated Fri, 25 Nov 2011 13:23:10 +0100
with message-id <201111251323.19384.odyx@debian.org>
and subject line Re: #635549: Two hplip security issues
has caused the Debian Bug report #635549,
regarding Two security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

635549: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635549
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: hplip
Severity: grave
Tags: security

Two security issues have been reported in hplip:

1. Shell command injection in foomatic-rip-hplip: 
This is CVE-2011-2697

2. Insecure tempfile handling:
This is CVE-2011-2722

This should be fixed in a DSA, could you prepared updated


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message ---
Version: 3.11.10-1

Le vendredi, 25 novembre 2011 12.16:06, Didier Raboud a écrit :
> As far as I can see, the culprit file is foomatic-rip-hplip, which is only
> shipped in hplip-ppds, and only in stable; testing and unstable versions
> rely on the fixed foomatic-rip from the foomatic-filters package.
> This seems to be fixed in 3.11.10, hence again, only stable is affected.

Meh. So it's "-done" in the version currently in testing.

Attachment: signature.asc
Description: This is a digitally signed message part.

--- End Message ---

Reply to: