Bug#743470: cups-filters: CVE-2014-2707: remote command injection in cups-browsed

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#743470: cups-filters: CVE-2014-2707: remote command injection in cups-browsed
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 03 Apr 2014 06:43:18 +0200
Message-id: <[🔎] 20140403044318.29509.12481.reportbug@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 743470@bugs.debian.org

Source: cups-filters
Version: 1.0.50-1
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole

Hi

See [1] and [2]:

 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1083326
 [2] http://seclists.org/oss-sec/2014/q2/3

AFAICS this was introduced in 1.0.41 and wheezy is not affected by the
issue.

Ubuntu has already fixed it with the 1.0.51-0ubuntu1 upload.

Regards and thanks for your work,
Salvatore

Reply to:

Follow-Ups:
- Bug#743470: marked as done (cups-filters: CVE-2014-2707: remote command injection in cups-browsed)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#732440: Patch is obviously not in updates.
Next by Date: Processing of cups-filters_1.0.51-1_amd64.changes
Previous by thread: Bug#732440: Patch is obviously not in updates.
Next by thread: Bug#743470: marked as done (cups-filters: CVE-2014-2707: remote command injection in cups-browsed)
Index(es):
- Date
- Thread