Bug#934957: marked as done (cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696))

To: Didier Raboud <odyx@debian.org>
Subject: Bug#934957: marked as done (cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696))
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Mon, 26 Aug 2019 19:21:20 +0000
Message-id: <[🔎] handler.934957.D934957.156684705031734.ackdone@bugs.debian.org>
Reply-to: 934957@bugs.debian.org
References: <E1i2KUa-0002fc-Tg@fasolo.debian.org> <[🔎] 156603444191.24224.13571315068334315667.reportbug@eldamar.local>

Your message dated Mon, 26 Aug 2019 19:17:28 +0000
with message-id <E1i2KUa-0002fc-Tg@fasolo.debian.org>
and subject line Bug#934957: fixed in cups 2.2.1-8+deb9u4
has caused the Debian Bug report #934957,
regarding cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
934957: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934957
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696)

From: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 17 Aug 2019 11:34:01 +0200

Message-id: <[🔎] 156603444191.24224.13571315068334315667.reportbug@eldamar.local>
Source: cups
Version: 2.2.10-6
Severity: grave
Tags: security upstream
Justification: user security hole

Hi

Filling for tracking. The recent 2.2.12[1] release includes fixes for
several security issues, two of those got CVEs and are related to SNMP
buffer overflows. [2] includes all those.

Regards,
Salvatore

 [1] https://github.com/apple/cups/releases/tag/v2.2.12
 [2] https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
--- End Message ---

--- Begin Message ---

To: 934957-close@bugs.debian.org
Subject: Bug#934957: fixed in cups 2.2.1-8+deb9u4
From: Didier Raboud <odyx@debian.org>
Date: Mon, 26 Aug 2019 19:17:28 +0000
Message-id: <E1i2KUa-0002fc-Tg@fasolo.debian.org>

Source: cups
Source-Version: 2.2.1-8+deb9u4

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 934957@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 21 Aug 2019 09:51:54 +0200
Source: cups
Architecture: source
Version: 2.2.1-8+deb9u4
Distribution: stretch
Urgency: low
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Closes: 934957
Changes:
 cups (2.2.1-8+deb9u4) stretch; urgency=low
 .
   * Fix multiple security/disclosure issues (Closes: #934957)
     - CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows
     - Fixed IPP buffer overflow
     - Fixed memory disclosure issue in the scheduler
     - Fixed DoS issues in the scheduler
Checksums-Sha1:
 ade8d6c82d6f60144870ce4b0060f504b0e3c225 3424 cups_2.2.1-8+deb9u4.dsc
 c60013687baa3048632c407f9d1409e24a1f2748 367156 cups_2.2.1-8+deb9u4.debian.tar.xz
 d46ec42be2fc8db532d95796da28ca3a59c3df3f 9375 cups_2.2.1-8+deb9u4_source.buildinfo
Checksums-Sha256:
 9770e8589f9c5270f902e5449ffc4d66626bb5694c027b5c1f2a26be6b4a3962 3424 cups_2.2.1-8+deb9u4.dsc
 f559e1674deab2abd95c3d688c3812cdd93ad79d2277d55769e44d2cdbafc08e 367156 cups_2.2.1-8+deb9u4.debian.tar.xz
 cdc3a2676cdaf0efa9a0a5c41d07f14df2ab5c3f456097730c01392ffc6f4bf5 9375 cups_2.2.1-8+deb9u4_source.buildinfo
Files:
 beb4301bbd289dded70d4b9ce1f85334 3424 net optional cups_2.2.1-8+deb9u4.dsc
 62b60ea6017cb52cd175b0f7fc2490a1 367156 net optional cups_2.2.1-8+deb9u4.debian.tar.xz
 16ecb21ea3fb069a90a826720c4e634d 9375 net optional cups_2.2.1-8+deb9u4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEe+WPIRpjNw1/GSB7i8+nHsoWNFUFAl1jiQIACgkQi8+nHsoW
NFU8JQv+LkHn+LinyJaxp0D814NUi+Wf1ospdUd4CiV1Ktb/7jErxPZ4vBtU4zpm
odGXVtxTBh/6V8kyH8fKH4/PYOVHbrefadOwLGz1GqF9vIGXAT0BlkVbdt56EDdy
hotY625F1oaK4bgPIUR4LluCnBa+xYFBUGgM6QXnIGaOSuxGlQ5XIQvXd5rRD7T8
CQe4Ek/pxPxEVsVW93uQi0xoZzjwtx1KwHAIceZ89iCewmI/nejsjaZmZqu3lYL0
mdCftHUCcoln63BWJHs3Dozz9Fr5ttCaRRad1baYPu2haznX8JftdFHwTG2ovgE2
EPkLnCuFUa6pfWKUQCWLG/luhsGpMNrQ4WZn+zOx8lnSTWq1+z+L0PbDzRCyVSTZ
HDeX28MQt7qDXCUOqsFKCqA0IphSwxyYdiRhOeOP2Bjlta+jDEuAWhloh6l2auS6
bLyvaBDXR7nOVGJru/XaDwbJXo4FWdJBTrfHCkmKfzN8Jbnl61omO+HCpsqB+W6L
HtuX9Ml2
=WPIv
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#934957: cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696)
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#934957: marked as done (cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696))
Next by Date: cups_2.2.10-6+deb10u1_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Previous by thread: Bug#934957: marked as done (cups: multiple security issues (including CVEified CVE-2019-8675 and CVE-2019-8696))
Next by thread: Processing of cups_2.2.12-1_source.changes
Index(es):
- Date
- Thread