Bug#635549: #635549: Two hplip security issues

To: 635549@bugs.debian.org
Subject: Bug#635549: #635549: Two hplip security issues
From: Didier Raboud <odyx@debian.org>
Date: Fri, 25 Nov 2011 14:43:49 +0100
Message-id: <[🔎] 201111251443.51316.odyx@debian.org>
Reply-to: Didier Raboud <odyx@debian.org>, 635549@bugs.debian.org
In-reply-to: <[🔎] 201111251222.27308.odyx@debian.org>
References: <20110726210701.1385.59672.reportbug@pisco.westfalen.local> <[🔎] 201111251216.08930.odyx@debian.org> <[🔎] 201111251222.27308.odyx@debian.org>

Le vendredi, 25 novembre 2011 12.22:24, Didier Raboud a écrit :
> > Le mardi, 26 juillet 2011 23.07:01, Moritz Muehlenhoff a écrit :
> > > 
> > > 1. Shell command injection in foomatic-rip-hplip:
> > > https://bugzilla.novell.com/show_bug.cgi?id=698451
> > > This is CVE-2011-2697
> > 
> > As far as I can see, the culprit file is foomatic-rip-hplip, which is
> > only shipped in hplip-ppds, and only in stable; testing and unstable
> > versions rely on the fixed foomatic-rip from the foomatic-filters
> > package.

> usr/lib/cups/filter/foomatic-rip-hplip (supposedly culprit file) is already
> a symlink to usr/lib/cups/filter/foomatic-rip in the stable package. So
> this CVE doesn't affect any version bigger than what is in stable

And foomatic-rip-hplip is not in oldstable either, so it seems CVE-2011-2697 
doesn't affect any currently released hplip.

Cheers,
-- 
OdyX

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

References:
- Bug#635549: #635549: Two hplip security issues
  - From: Didier Raboud <odyx@debian.org>
- Bug#635549: #635549: Two hplip security issues
  - From: Didier Raboud <odyx@debian.org>

Prev by Date: Bug#635549: #635549: Two hplip security issues
Next by Date: Bug#635549: Stable update of hplip for CVE-2011-2722 (#635549) ?
Previous by thread: Bug#635549: #635549: Two hplip security issues
Next by thread: Bug#635549: #635549: Two hplip security issues
Index(es):
- Date
- Thread