Bug#635549: #635549: Two hplip security issues

To: 635549@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@debian.org>
Subject: Bug#635549: #635549: Two hplip security issues
From: Didier Raboud <odyx@debian.org>
Date: Fri, 25 Nov 2011 14:04:44 +0100
Message-id: <[🔎] 201111251404.46582.odyx@debian.org>
Reply-to: Didier Raboud <odyx@debian.org>, 635549@bugs.debian.org
In-reply-to: <[🔎] 201111251216.08930.odyx@debian.org>
References: <20110726210701.1385.59672.reportbug@pisco.westfalen.local> <[🔎] 201111251216.08930.odyx@debian.org>

Le vendredi, 25 novembre 2011 12.16:06, Didier Raboud a écrit :
> > 
> > 2. Insecure tempfile handling:
> > https://bugzilla.novell.com/show_bug.cgi?id=704608
> > https://bugs.launchpad.net/hplip/+bug/809904
> > This is CVE-2011-2722
> 
> This seems to be fixed in 3.11.10, hence again, only stable is affected.

The attached dpatch against the version currently in stable does fix that bug.

As for oldstable, I couldn't find any occurence of this bug in the source 
code.

Cheers,

OdyX

Attachment: CVE-2011-2722.dpatch
Description: application/shellscript

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Bug#635549: #635549: Two hplip security issues
  - From: Moritz Mühlenhoff <jmm@inutil.org>

References:
- Bug#635549: #635549: Two hplip security issues
  - From: Didier Raboud <odyx@debian.org>

Prev by Date: Bug#649999: /usr/bin/hp-plugin: hp-plugin generates broken udev files
Next by Date: Bug#635549: #635549: Two hplip security issues
Previous by thread: Bug#635549: #635549: Two hplip security issues
Next by thread: Bug#635549: #635549: Two hplip security issues
Index(es):
- Date
- Thread