Bug#1051953: marked as done (cups: CVE-2023-32360)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Wed, 20 Sep 2023 17:49:17 +0000
with message-id <E1qj1K9-00GrN6-E9@fasolo.debian.org>
and subject line Bug#1051953: fixed in cups 2.4.2-6
has caused the Debian Bug report #1051953,
regarding cups: CVE-2023-32360
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1051953: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051953
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: cups: CVE-2023-32360
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Thu, 14 Sep 2023 20:54:07 +0200
• Message-id: <[🔎] 169471764717.1221463.1810205770444570870.reportbug@eldamar.lan>

Source: cups
Version: 2.4.2-5
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for cups.

CVE-2023-32360[0]:
| An authentication issue was addressed with improved state
| management. This issue is fixed in macOS Big Sur 11.7.7, macOS
| Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be
| able to access recently printed documents.

Severity choosen on RC level, due to an unautnethicated user beeing
able to access recently printed documents.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32360
    https://www.cve.org/CVERecord?id=CVE-2023-32360
[1] https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 1051953-close@bugs.debian.org
• Subject: Bug#1051953: fixed in cups 2.4.2-6
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Wed, 20 Sep 2023 17:49:17 +0000
• Message-id: <E1qj1K9-00GrN6-E9@fasolo.debian.org>
• Reply-to: Thorsten Alteholz <debian@alteholz.de>

Source: cups
Source-Version: 2.4.2-6
Done: Thorsten Alteholz <debian@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1051953@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 19 Sep 2023 21:20:27 +0200
Source: cups
Architecture: source
Version: 2.4.2-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1051953
Changes:
 cups (2.4.2-6) unstable; urgency=medium
 .
   * CVE-2023-4504
     Postscript parsing heap-based buffer overflow
   * CVE-2023-32360 (Closes: #1051953)
     authentication issue
Checksums-Sha1:
 d86d47400714b839b865a69f662c89eff3eb3e31 3122 cups_2.4.2-6.dsc
 2d8131ab57130d160e08879f11de07a012dc51e3 383340 cups_2.4.2-6.debian.tar.xz
 6046b841b9492ccaef0b6b3c1c3bffab85ffa996 13522 cups_2.4.2-6_amd64.buildinfo
Checksums-Sha256:
 b96962376db22504617caf1dbd62d5b91eaa0775ec222380366f134dc495db6a 3122 cups_2.4.2-6.dsc
 34437967aa116c4cf525c8f76f82bb9ddd04fff064245cd6a7fc3190ec6221be 383340 cups_2.4.2-6.debian.tar.xz
 83cc1e229b53790ac920b3104bdf8b79f6f3d41a9073c2ec96238f4c536915a3 13522 cups_2.4.2-6_amd64.buildinfo
Files:
 073a8106cca47c6091074c9c284d38df 3122 net optional cups_2.4.2-6.dsc
 f39ed57d70d2b76ff12375081b9b405e 383340 net optional cups_2.4.2-6.debian.tar.xz
 f56929c831caad6c6313738cc6b4818c 13522 net optional cups_2.4.2-6_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmUKXTFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRxMaD/97eb9aNKRY9/3AX/vAji44XTNW270F
PHkUuzNEbnu79Z1nW2Ij1vGhVnYuEkB3Rfh9x3S1LbQ2u7q5zS9WK8oNKdxE50GX
oSCAIhrPltmKs5YFx9eR6yRUFwhw9w3EUfpDo2kK2vFvF3+RsNhgQ/352j62/6hg
vxcozIXueQFBLRXp3ORS0oxBOgu6UbQ6DDJUTSYQU6kJ/I3qvziYVU6VaJye8e/7
hRKPss4eozRyUCIwitDbkiqXqzSMha6AS3S7E0bNRxO0mUhwGzOHHF3uTgD6XHOD
Rgy73vht3sErJufrXosA9ukHqAZrVGJhK7IztUUw1v2jvrnLE6Ca/aPCQyhw8Z7E
QpkBtl+t8TbnM8QY0aIw8zBYC69TrPjkqDPRpMiFiSrx0B2aCKhpO5K/odNW6RSI
rI/7LwRkPM5ebUvWd0K8CzPsonTFaA5w07U7A6icRLuOB4/rt64jNHAXGR4nrSpb
IX/Ng01jBCkdjdP/iXXuiFsQgjSrahuccOr64T8wC4qn0DzZjA560xp73RWcoLBq
WL7CDiIUpjDCNqtvcgZbNy2M+y7bTiAw6pNlY0RG/T51Sj5lzbvY4SD5+Ya+4kW2
zgghISuWvNxzs2OqZBJvpDiROwx96o7l5Pb0MnZ5LPkWx8U3xup3UKC0tvT9ThZx
2Lq3CLGKZoN1xg==
=mHD/
-----END PGP SIGNATURE-----

--- End Message ---