
Bug#915909: marked as done (cups: CVE-2018-4700: Linux session cookies used a predictable random number seed)



Your message dated Mon, 10 Dec 2018 09:49:13 +0000
with message-id <E1gWIBd-0001OG-Q2@fasolo.debian.org>
and subject line Bug#915909: fixed in cups 2.3~b6-1
has caused the Debian Bug report #915909,
regarding cups: CVE-2018-4700: Linux session cookies used a predictable random number seed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
915909: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915909
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: cups
Version: 2.2.9-4
Severity: important
Tags: patch security upstream

Hi,

The following vulnerability was published for cups.

CVE-2018-4700[0]:
Linux session cookies used a predictable random number seed

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-4700
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4700
[1] https://github.com/apple/cups/commit/feb4c62b211bfbd78dc10d737d873439ccdfa58c
[2] https://github.com/apple/cups/commit/b9ff93ce913ff633a3f667317e5a81fa7fe0d5d3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: cups
Source-Version: 2.3~b6-1

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 915909@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 10 Dec 2018 10:18:41 +0100
Source: cups
Binary: libcups2 libcupsimage2 cups cups-core-drivers cups-daemon cups-client cups-ipp-utils libcups2-dev libcupsimage2-dev cups-bsd cups-common cups-server-common cups-ppdc
Architecture: source
Version: 2.3~b6-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Description:
 cups       - Common UNIX Printing System(tm) - PPD/driver support, web interfa
 cups-bsd   - Common UNIX Printing System(tm) - BSD commands
 cups-client - Common UNIX Printing System(tm) - client programs (SysV)
 cups-common - Common UNIX Printing System(tm) - common files
 cups-core-drivers - Common UNIX Printing System(tm) - driverless printing
 cups-daemon - Common UNIX Printing System(tm) - daemon
 cups-ipp-utils - Common UNIX Printing System(tm) - IPP developer/admin utilities
 cups-ppdc  - Common UNIX Printing System(tm) - PPD manipulation utilities
 cups-server-common - Common UNIX Printing System(tm) - server common files
 libcups2   - Common UNIX Printing System(tm) - Core library
 libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library
 libcupsimage2 - Common UNIX Printing System(tm) - Raster image library
 libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li
Closes: 915909
Changes:
 cups (2.3~b6-1) experimental; urgency=medium
 .
   * New 2.3~b6 upstream pre-release
     - CVE-2018-4700: Linux session cookies used a predictable random number
       seed (Closes: #915909)
     - The `cupsaddsmb` program has been removed (Issue #5449)
     - The `cupstestdsc` program has been removed (Issue #5450)
     - Rebase patches
 .
   * Merge 2.2.10-1
   * Manpage translations update
   * Add patch to fix FTBFS due to wrong `usage(int)` usage
   * Update libcups2 symbols: +12 cupsRaster*
   * Cope with cupsaddsmb and cupstestdsc removals:
     - Remove from cups-client installed files
     - Remove from manpage translation infrastructure
     - Remove from libcups2's README.Debian


--- End Message ---
