Bug#934957: marked as done (cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696))

To: Didier Raboud <odyx@debian.org>
Subject: Bug#934957: marked as done (cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696))
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Mon, 26 Aug 2019 19:21:17 +0000
Message-id: <[🔎] handler.934957.D934957.156684703131549.ackdone@bugs.debian.org>
Reply-to: 934957@bugs.debian.org
References: <E1i2KUG-0002Yc-Dj@fasolo.debian.org> <[🔎] 156603444191.24224.13571315068334315667.reportbug@eldamar.local>

Your message dated Mon, 26 Aug 2019 19:17:08 +0000
with message-id <E1i2KUG-0002Yc-Dj@fasolo.debian.org>
and subject line Bug#934957: fixed in cups 2.2.10-6+deb10u1
has caused the Debian Bug report #934957,
regarding cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
934957: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934957
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696)

From: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 17 Aug 2019 11:34:01 +0200

Message-id: <[🔎] 156603444191.24224.13571315068334315667.reportbug@eldamar.local>
Source: cups
Version: 2.2.10-6
Severity: grave
Tags: security upstream
Justification: user security hole

Hi

Filling for tracking. The recent 2.2.12[1] release includes fixes for
several security issues, two of those got CVEs and are related to SNMP
buffer overflows. [2] includes all those.

Regards,
Salvatore

 [1] https://github.com/apple/cups/releases/tag/v2.2.12
 [2] https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
--- End Message ---

--- Begin Message ---

To: 934957-close@bugs.debian.org
Subject: Bug#934957: fixed in cups 2.2.10-6+deb10u1
From: Didier Raboud <odyx@debian.org>
Date: Mon, 26 Aug 2019 19:17:08 +0000
Message-id: <E1i2KUG-0002Yc-Dj@fasolo.debian.org>

Source: cups
Source-Version: 2.2.10-6+deb10u1

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 934957@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 21 Aug 2019 09:43:13 +0200
Source: cups
Architecture: source
Version: 2.2.10-6+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Closes: 934957
Changes:
 cups (2.2.10-6+deb10u1) buster; urgency=medium
 .
   * Fix multiple security/disclosure issues (Closes: #934957)
     - CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows
     - Fixed IPP buffer overflow
     - Fixed memory disclosure issue in the scheduler
     - Fixed DoS issues in the scheduler
Checksums-Sha1:
 9999fdf692cf02a69100516c764ca2a944eccfbf 3298 cups_2.2.10-6+deb10u1.dsc
 24a3b38dbc3b3a1bddfd952b213ac10fbfd0a0f3 359492 cups_2.2.10-6+deb10u1.debian.tar.xz
Checksums-Sha256:
 e1299bb28c84da7b9d1804644af1e6a94d58b12616e79387a10dc8bee9b729c7 3298 cups_2.2.10-6+deb10u1.dsc
 633d16cb2574b054b6de5cf82552d19877078e1e6d39bd4cce82eca456f7e7c6 359492 cups_2.2.10-6+deb10u1.debian.tar.xz
Files:
 9649472f7bcdeeb53e5ea07c7f67af29 3298 net optional cups_2.2.10-6+deb10u1.dsc
 fc09c5401009ef190fcee43302d592c4 359492 net optional cups_2.2.10-6+deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEe+WPIRpjNw1/GSB7i8+nHsoWNFUFAl1jh3EACgkQi8+nHsoW
NFXPAQv9EDcd9zEYJR8lrofQWtWyo60NAJoKoiRpSEym+7yWWDqBq1TpWgelh+8k
8QMjcVp5422FEdgmW9urbVC0p1taXX7z2rJD6ESa00Vkgv2YC83ypm0VJSH4hrMO
ohXdoGdN0cx0eAxiazd8nuTgLk9D4NrcVdL9UkFCgDrqld094TcUaqEH7ntJvg8B
Kaxka6eD2le7gyZ1tHMXV5oafjr+yCjMNF7l2UiLRZoZq3LPG2HNnzoIKRy83MB6
BPositO6RHY0xeouKxDDjRp2N3XFsbtEHvwtKLokl26eQP31RPYeAPIQcF9FMZQz
+2bPEIXFSCgTHajDcUKaleZu+tkOLaY3q2foKRua5l+elVTvqvcffCFZyNfg5Tnb
LxVkAxsLCsJTSuK+ePYkDpH7Fw746BcPs7yjinBkBjeiZQa+g1YuJOLa6OSizQ4o
Qvw3l663hjtC0FsS6C/uCj736cktam63x/OjTjE0Tfg2a5qVvuMm8TjQPb2CaxVU
rdmn1V00
=Jo2x
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#934957: cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696)
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: cups_2.2.10-6+deb10u1_source.changes ACCEPTED into proposed-updates->stable-new
Next by Date: Bug#934957: marked as done (cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696))
Previous by thread: Bug#934957: cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696)
Next by thread: Bug#934957: marked as done (cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696))
Index(es):
- Date
- Thread