
Re: cups-filters 1.2.0 released!



On Wednesday, 2 December 2015, 15.08:18, Moritz Muehlenhoff wrote:
> On Wed, Dec 02, 2015 at 02:36:06PM +0100, Didier 'OdyX' Raboud wrote:
> > On Tuesday, 1 December 2015, 09.14:12, Moritz Muehlenhoff wrote:
> > > On Mon, Nov 30, 2015 at 10:21:58PM +0100, Didier 'OdyX' Raboud wrote:
> > > > Hi Till,
> > > > 
> > > > On Thursday, 26 November 2015, 18.08:16, Till Kamppeter wrote:
> > > > > I have released cups-filters 1.2.0 now, with the following
> > > > > changes:
> > > > > 
> > > > > - cups-browsed: When using IP-address-based device URIs via the
> > > > >   "IPBasedDeviceURIs" directive in cups-browsed.conf, add two
> > > > >   additional settings to restrict the used IP addresses to either
> > > > >   only IPv4 addresses or only IPv6 addresses.
> > > > > - foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as an
> > > > >   illegal shell escape character. Thanks to Michal Kowalczyk from the
> > > > >   Google Security Team for the hint (CVE-2015-8327).
> > > > 
> > > > Uploaded, thanks!
> > > > 
> > > > I'm hereby CC'ing the security team to discuss the backport of that
> > > > security fix (patch CC'ed) to jessie-security. At this stage, I don't
> > > > have more details than the above, can you share more Till?
> > > 
> > > Thanks! Please upload to security-master. I'll take care of the DSA.
> > 
> > Uploaded, thanks. But…
> > 
> > As Till mentioned further down that thread:
> > 
> > On Tuesday, 1 December 2015, 08.47:36, Till Kamppeter wrote:
> > > foomatic-rip is part of cups-filters from version 1.0.42 on, before
> > > that version, foomatic-rip of the foomatic-filters package was used.
> > 
> > That means that src:foomatic-filters is affected by this bug, for all
> > suites. That also means pre-jessie src:cups-filters versions are
> > unaffected.
> 
> Do you know why foomatic-filters is still a separate package in
> testing/sid, then? Is there a use case not covered by the version in
> cups-filters?

https://bugs.debian.org/746381 is the orphaning bug.

foomatic-filters "could" be useful for non-CUPS use-cases, but I don't 
know which by heart. It also provides the "beh" CUPS backend that 
currently cannot be installed:

https://bugs.debian.org/799259

See https://bugs.debian.org/799259#30 <560962AF.1000009@gmail.com> for 
upstream's reasoning for not adopting beh into cups-filters.

I was in favour of removing foomatic-filters altogether, but it was 
taken over, so…

Cheers,
OdyX

