
Bug#1038885: marked as done (cups: CVE-2023-34241: use-after-free in cupsdAcceptClient())



Your message dated Thu, 29 Jun 2023 22:02:09 +0000
with message-id <E1qEziL-00CdrW-1p@fasolo.debian.org>
and subject line Bug#1038885: fixed in cups 2.4.2-3+deb12u1
has caused the Debian Bug report #1038885,
regarding cups: CVE-2023-34241: use-after-free in cupsdAcceptClient()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1038885: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038885
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: cups
Version: 2.4.2-4
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for cups.

CVE-2023-34241[0]:
| use-after-free in cupsdAcceptClient()


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34241
    https://www.cve.org/CVERecord?id=CVE-2023-34241
[1] https://www.openwall.com/lists/oss-security/2023/06/22/4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: cups
Source-Version: 2.4.2-3+deb12u1
Done: Thorsten Alteholz <debian@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038885@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jun 2023 10:54:05 +0200
Source: cups
Architecture: source
Version: 2.4.2-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1038885
Changes:
 cups (2.4.2-3+deb12u1) bookworm; urgency=medium
 .
   * CVE-2023-34241 (Closes: #1038885)
     use-after-free in cupsdAcceptClient()
 .
   * CVE-2023-32324
     A heap buffer overflow vulnerability would allow a remote attacker to
     launch a DoS attack.


--- End Message ---
