
Bug#915909: marked as done (cups: CVE-2018-4700: Linux session cookies used a predictable random number seed)



Your message dated Sat, 08 Dec 2018 12:34:13 +0000
with message-id <E1gVboD-0006de-Iw@fasolo.debian.org>
and subject line Bug#915909: fixed in cups 2.2.10-1
has caused the Debian Bug report #915909,
regarding cups: CVE-2018-4700: Linux session cookies used a predictable random number seed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
915909: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915909
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: cups
Version: 2.2.9-4
Severity: important
Tags: patch security upstream

Hi,

The following vulnerability was published for cups.

CVE-2018-4700[0]:
Linux session cookies used a predictable random number seed

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-4700
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4700
[1] https://github.com/apple/cups/commit/feb4c62b211bfbd78dc10d737d873439ccdfa58c
[2] https://github.com/apple/cups/commit/b9ff93ce913ff633a3f667317e5a81fa7fe0d5d3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: cups
Source-Version: 2.2.10-1

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 915909@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 08 Dec 2018 12:58:43 +0100
Source: cups
Binary: libcups2 libcupsimage2 cups cups-core-drivers cups-daemon cups-client cups-ipp-utils libcups2-dev libcupsimage2-dev cups-bsd cups-common cups-server-common cups-ppdc
Architecture: source
Version: 2.2.10-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Description:
 cups       - Common UNIX Printing System(tm) - PPD/driver support, web interfa
 cups-bsd   - Common UNIX Printing System(tm) - BSD commands
 cups-client - Common UNIX Printing System(tm) - client programs (SysV)
 cups-common - Common UNIX Printing System(tm) - common files
 cups-core-drivers - Common UNIX Printing System(tm) - driverless printing
 cups-daemon - Common UNIX Printing System(tm) - daemon
 cups-ipp-utils - Common UNIX Printing System(tm) - IPP developer/admin utilities
 cups-ppdc  - Common UNIX Printing System(tm) - PPD manipulation utilities
 cups-server-common - Common UNIX Printing System(tm) - server common files
 libcups2   - Common UNIX Printing System(tm) - Core library
 libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library
 libcupsimage2 - Common UNIX Printing System(tm) - Raster image library
 libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li
Closes: 915909
Changes:
 cups (2.2.10-1) unstable; urgency=medium
 .
   * New 2.2.10 upstream release
     - CVE-2018-4700: Linux session cookies used a predictable random number
       seed (Closes: #915909)
   * Manpage translations refresh
   * Drop superfluous dpkg-dev B-D

--- End Message ---