Bug#635549: #635549: Two hplip security issues
On Fri, Nov 25, 2011 at 02:04:44PM +0100, Didier Raboud wrote:
> Le vendredi, 25 novembre 2011 12.16:06, Didier Raboud a écrit :
> > >
> > > 2. Insecure tempfile handling:
> > > https://bugzilla.novell.com/show_bug.cgi?id=704608
> > > https://bugs.launchpad.net/hplip/+bug/809904
> > > This is CVE-2011-2722
> >
> > This seems to be fixed in 3.11.10, hence again, only stable is affected.
>
> The attached dpatch against the version currently in stable does fix that bug.
>
> As for oldstable, I couldn't find any occurence of this bug in the source
> code.
CVE-2011-2722 itself doesn't warrant a DSA. Could the hplip maintainers
please fix this through a point update?
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
Cheers,
Moritz
Reply to: