Bug#780267: marked as done (cups-filters: CVE-2015-2265)

To: Didier Raboud <odyx@debian.org>
Subject: Bug#780267: marked as done (cups-filters: CVE-2015-2265)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 11 Mar 2015 13:36:06 +0000
Message-id: <[🔎] handler.780267.D780267.142608082919292.ackdone@bugs.debian.org>
References: <E1YVglf-00008K-4C@franck.debian.org> <[🔎] 20150311115123.4371.66945.reportbug@m25s06.vlinux.de>

Your message dated Wed, 11 Mar 2015 13:33:47 +0000
with message-id <E1YVglf-00008K-4C@franck.debian.org>
and subject line Bug#780267: fixed in cups-filters 1.0.61-5
has caused the Debian Bug report #780267,
regarding cups-filters: CVE-2015-2265
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
780267: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780267
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: cups-filters: CVE-2015-2265

From: Moritz Muehlenhoff <jmm@inutil.org>

Date: Wed, 11 Mar 2015 12:51:23 +0100

Message-id: <[🔎] 20150311115123.4371.66945.reportbug@m25s06.vlinux.de>
Package: cups-filters
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see https://bugs.linuxfoundation.org/show_bug.cgi?id=1265

Cheers,
        Moritz
--- End Message ---

--- Begin Message ---

To: 780267-close@bugs.debian.org
Subject: Bug#780267: fixed in cups-filters 1.0.61-5
From: Didier Raboud <odyx@debian.org>
Date: Wed, 11 Mar 2015 13:33:47 +0000
Message-id: <E1YVglf-00008K-4C@franck.debian.org>

Source: cups-filters
Source-Version: 1.0.61-5

We believe that the bug you reported is fixed in the latest version of
cups-filters, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780267@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated cups-filters package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 11 Mar 2015 13:50:30 +0100
Source: cups-filters
Binary: libcupsfilters1 libfontembed1 cups-filters cups-filters-core-drivers libcupsfilters-dev libfontembed-dev cups-browsed
Architecture: source
Version: 1.0.61-5
Distribution: unstable
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Description:
 cups-browsed - OpenPrinting CUPS Filters - cups-browsed
 cups-filters - OpenPrinting CUPS Filters - Main Package
 cups-filters-core-drivers - OpenPrinting CUPS Filters - PPD-less printing
 libcupsfilters-dev - OpenPrinting CUPS Filters - Development files for the library
 libcupsfilters1 - OpenPrinting CUPS Filters - Shared library
 libfontembed-dev - OpenPrinting CUPS Filters - Development files for font embed libr
 libfontembed1 - OpenPrinting CUPS Filters - Font Embed Shared library
Closes: 780267
Changes:
 cups-filters (1.0.61-5) unstable; urgency=high
 .
   * Backport upstream's patch to fix a bug in the remove_bad_chars() failing
     to reliably filter out illegal characters, allowing execution of arbitrary
     commands with the rights of the "lp" user, using forged print service
     announcements on DNS-SD servers (Closes: #780267, CVE-2015-2265)
   * Urgency high for the security fix
Checksums-Sha1:
 80f724bb33d2dad0b7b6bbb7441cc96f88acac68 2708 cups-filters_1.0.61-5.dsc
 119395ad2fbcfdcd476d924dcf608097135b0b83 67048 cups-filters_1.0.61-5.debian.tar.xz
Checksums-Sha256:
 47d4e1d0459e86b70e56f25ddc404b00d3e1b1f79f560641ea83b9c7de318352 2708 cups-filters_1.0.61-5.dsc
 2cf8d73ee96581f4c07650b3c4c156b1ff88360be2cc5ad341e6b0d57617e0e6 67048 cups-filters_1.0.61-5.debian.tar.xz
Files:
 0e1a880b02d0992bf5694aa431bf9b38 2708 net optional cups-filters_1.0.61-5.dsc
 e3ca5656730730d5c068e816483a98a8 67048 net optional cups-filters_1.0.61-5.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQGcBAEBCAAGBQJVAEEYAAoJEIvPpx7KFjRVuBUL/jiYzTRCOQyC+Tlt7vqE5han
YybjAR9ZQ57M2thddaCOHECPU6HQ5+tn7ssmLTUgrp0gqcTvlU7NKoMwOSeDWtpZ
5im3tHRTiTRILyQgmj0Q9t7u5KN9JR5ztmRUylyNMyiuGaGihUefWvaWLXBqC16d
3MyrasFPilNkv4GpP+TWQrzgh/vOkBIKiHA/bmfo6SGv2/wFFx2U0y3DGikFWbkt
2wDDIkKcItpWUQtJsj80YXjqrZiBEh3+BIXUAThcjV4+mtLbziHNWJJEQJYGLLZj
cZHRM2tQNk65mn6D3VS5zgQ6/oSEzySyilQSOooqAvYHVodLEy2zZ5wKqHJJcd56
XkvrBIF2mkXXWkSBnnQrHMNmwlE7pCxob9wM0L8giJe76+DG3yjXWv9d/kDTZy/j
bYdDKfX0VX2H8oqJScT4oHsAYqmJgVotPCZMZYg2w02nFasgx1JgXgNMjtQcSbmf
yo8wYbAAM+1JVqb7ldYCPCjJyAOkEjlmJi1Fpnmjtw==
=U4qY
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#780267: cups-filters: CVE-2015-2265
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Processed: tagging 780267
Next by Date: Bug#780267: marked as done (cups-filters: CVE-2015-2265)
Previous by thread: Bug#780267: cups-filters: CVE-2015-2265
Next by thread: Bug#780267: marked as done (cups-filters: CVE-2015-2265)
Index(es):
- Date
- Thread