Bug#1011769: marked as done (cups: CVE-2022-26691: authorization bypass when using "local" authorization)

To: Thorsten Alteholz <debian@alteholz.de>
Subject: Bug#1011769: marked as done (cups: CVE-2022-26691: authorization bypass when using "local" authorization)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Fri, 27 May 2022 00:33:03 +0000
Message-id: <[🔎] handler.1011769.D1011769.165361141616260.ackdone@bugs.debian.org>
Reply-to: 1011769@bugs.debian.org
References: <alpine.DEB.2.21.2205262325400.28228@postfach.intern.alteholz.me> <[🔎] 165357219863.1661168.4240411499056926933.reportbug@eldamar.lan>

Your message dated Thu, 26 May 2022 23:32:06 +0000 (UTC)
with message-id <alpine.DEB.2.21.2205262325400.28228@postfach.intern.alteholz.me>
and subject line Bug#1011769: fixed in cups 2.4.2-1
has caused the Debian Bug report #1011769,
regarding cups: CVE-2022-26691: authorization bypass when using "local" authorization
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1011769: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011769
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: cups: CVE-2022-26691: authorization bypass when using "local" authorization
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 26 May 2022 15:36:38 +0200
Message-id: <[🔎] 165357219863.1661168.4240411499056926933.reportbug@eldamar.lan>

Source: cups
Version: 2.4.1op1-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2.3.3op2-3+deb11u1
Control: found -1 2.3.3op2-3
Control: found -1 2.2.10-6+deb10u5
Control: found -1 2.2.10-6
Control: fixed -1 2.3.3op2-3+deb11u2
Control: fixed -1 2.2.10-6+deb10u6

Hi,

The following vulnerability was published for cups.

Thorsten, just filling for tracking in BTS.

CVE-2022-26691[0]:
| authorization bypass when using "local" authorization

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-26691
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

To: 1011769-done@bugs.debian.org

Subject: Bug#1011769: fixed in cups 2.4.2-1

From: Thorsten Alteholz <debian@alteholz.de>

Date: Thu, 26 May 2022 23:32:06 +0000 (UTC)

Message-id: <alpine.DEB.2.21.2205262325400.28228@postfach.intern.alteholz.me>
Source: cups
Source-Version: 2.4.2-1
Done: Thorsten Alteholz <debian@alteholz.de>
Manually closing this bug as the fix for this CVE was done in version2.4.2-1.
  Thorsten
--- End Message ---

Reply to:

References:
- Bug#1011769: cups: CVE-2022-26691: authorization bypass when using "local" authorization
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: cups: status change on tests.reproducible-builds.org/debian
Next by Date: Bug#1011990: pappl: autopkgtest regression: fails on output to stderr
Previous by thread: Processed: cups: CVE-2022-26691: authorization bypass when using "local" authorization
Next by thread: rastertosag-gdi is marked for autoremoval from testing
Index(es):
- Date
- Thread