Your message dated Tue, 31 Dec 2019 13:34:21 +0100 with message-id <3140159.C3DdJMHqKg@odyx.org> and subject line Re: Bug#946782: cups: CVE-2019-2228 has caused the Debian Bug report #946782, regarding cups: CVE-2019-2228 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
946782: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946782
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: cups: CVE-2019-2228
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Sun, 15 Dec 2019 21:06:42 +0100
- Message-id: <157644040276.697720.2529793640389677681.reportbug@eldamar.local>

Source: cups
Version: 2.3.0-7
Severity: important
Tags: security upstream
Control: found -1 2.2.10-6+deb10u1
Control: found -1 2.2.1-8+deb9u2
Control: found -1 2.2.1-8+deb9u4
Control: found -1 2.2.1-8

Hi,

The following vulnerability was published for cups.

CVE-2019-2228[0]:
| In array_find of array.c, there is a possible out-of-bounds read due
| to an incorrect bounds check. This could lead to local information
| disclosure in the printer spooler with no additional execution
| privileges needed. User interaction is not needed for
| exploitation. Product: Android Versions: Android-8.0 Android-8.1
| Android-9 Android-10 Android ID: A-111210196

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-2228
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2228

Please adjust the affected versions in the BTS as needed.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
- To: Salvatore Bonaccorso <carnil@debian.org>, 946782-done@bugs.debian.org
- Subject: Re: Bug#946782: cups: CVE-2019-2228
- From: Didier 'OdyX' Raboud <odyx@debian.org>
- Date: Tue, 31 Dec 2019 13:34:21 +0100
- Message-id: <3140159.C3DdJMHqKg@odyx.org>
- In-reply-to: <157644040276.697720.2529793640389677681.reportbug@eldamar.local>
- References: <157644040276.697720.2529793640389677681.reportbug@eldamar.local>

Version: 2.3.1-1

On Sunday, 15 December 2019, 21:06:42 CET, Salvatore Bonaccorso wrote:
> Source: cups
> Version: 2.3.0-7
> Severity: important
> Tags: security upstream
> Control: found -1 2.2.10-6+deb10u1
> Control: found -1 2.2.1-8+deb9u2
> Control: found -1 2.2.1-8+deb9u4
> Control: found -1 2.2.1-8
>
> Hi,
>
> The following vulnerability was published for cups.
>
> CVE-2019-2228[0]:
> | In array_find of array.c, there is a possible out-of-bounds read due
> | to an incorrect bounds check. This could lead to local information
> | disclosure in the printer spooler with no additional execution
> | privileges needed. User interaction is not needed for
> | exploitation. Product: Android Versions: Android-8.0 Android-8.1
> | Android-9 Android-10 Android ID: A-111210196

This was fixed in 2.3.1-1, but I forgot the debbugs number.

I'll prepare the buster and stretch fixes now.

Cheers,
OdyX

Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---