Bug#1051953: marked as done (cups: CVE-2023-32360)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sun, 01 Oct 2023 12:17:26 +0000
with message-id <E1qmvO2-00GniU-SM@fasolo.debian.org>
and subject line Bug#1051953: fixed in cups 2.3.3op2-3+deb11u4
has caused the Debian Bug report #1051953,
regarding cups: CVE-2023-32360
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1051953: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051953
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: cups: CVE-2023-32360
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Thu, 14 Sep 2023 20:54:07 +0200
• Message-id: <169471764717.1221463.1810205770444570870.reportbug@eldamar.lan>

Source: cups
Version: 2.4.2-5
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for cups.

CVE-2023-32360[0]:
| An authentication issue was addressed with improved state
| management. This issue is fixed in macOS Big Sur 11.7.7, macOS
| Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be
| able to access recently printed documents.

Severity choosen on RC level, due to an unautnethicated user beeing
able to access recently printed documents.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32360
    https://www.cve.org/CVERecord?id=CVE-2023-32360
[1] https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 1051953-close@bugs.debian.org
• Subject: Bug#1051953: fixed in cups 2.3.3op2-3+deb11u4
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Sun, 01 Oct 2023 12:17:26 +0000
• Message-id: <E1qmvO2-00GniU-SM@fasolo.debian.org>
• Reply-to: Thorsten Alteholz <debian@alteholz.de>

Source: cups
Source-Version: 2.3.3op2-3+deb11u4
Done: Thorsten Alteholz <debian@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1051953@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 19 Sep 2023 21:20:27 +0200
Source: cups
Architecture: source
Version: 2.3.3op2-3+deb11u4
Distribution: bullseye
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1051953
Changes:
 cups (2.3.3op2-3+deb11u4) bullseye; urgency=medium
 .
   * CVE-2023-4504
     Postscript parsing heap-based buffer overflow
   * CVE-2023-32360 (Closes: #1051953)
     authentication issue
Checksums-Sha1:
 ea5d6a48561d9a0a2c15aef7fd735c391347b077 3412 cups_2.3.3op2-3+deb11u4.dsc
 9a0e161983e563d32d6378266b4aa6a7ff574f4a 348312 cups_2.3.3op2-3+deb11u4.debian.tar.xz
 e86ee785cf08a06ce3bf19e593f5210152c93941 14313 cups_2.3.3op2-3+deb11u4_amd64.buildinfo
Checksums-Sha256:
 1341591ec10af52d967624a6cdcfd5c534dae90fc2ac5c1785bda79256b8a0b2 3412 cups_2.3.3op2-3+deb11u4.dsc
 ea713a8d0f4af85d0bda8caae6cf46cfd0fe2fbbfbeba932ed1e361c132486f9 348312 cups_2.3.3op2-3+deb11u4.debian.tar.xz
 e42391b44a48a18a127d5760ea66cd5e32d22cd3ba97efcfdc166922332e1a4c 14313 cups_2.3.3op2-3+deb11u4_amd64.buildinfo
Files:
 1fddcdc5cd6427ea53b30622972ab795 3412 net optional cups_2.3.3op2-3+deb11u4.dsc
 563353293f3c7abb57e90dad67b7bb94 348312 net optional cups_2.3.3op2-3+deb11u4.debian.tar.xz
 8c1ce37a495c41e300ea0caf10e4de8d 14313 net optional cups_2.3.3op2-3+deb11u4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmUVv4tfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR3acEAC1ki0BNsNnIyrgBHSINE+BgkP+1L0P
06/XYplenXi9pMPZd5nPKlVoB4+bYSzq2HyHjYlURARH+p44+3v8KVgvAW1Z1AgE
yRNxl71vc582Renm2TrxGQzdXtQgcyKa8MG5PS6eqUnjudlRlUuqxwlCoOeAEd3t
aCkVjcN4QtTwg9//ruNTYmhhYq1eA0ESujhFa96jy3N0UFFBMvoivWAGpelMr3lQ
erTAKZ5sj/bbmmOO4T7Scwo01iEP5qAPDQFyc+yTvWQPwKwrC8EWwgAHDit+Qb6u
XDtSkjgkZn6gnIf/DgY9wvHl2Iu1NIKDYyk/4WCztlOnQ4ao1t4xU+ONdCttRPni
8ciGlidSjl/4Bw0DTVi/lyYqFhUqPhE8T6ohYVgN2ClsZJZlWLnB/oouVlMknkCG
IKtkYhKLqTOHG+sUaMs0W30WYtGZMhrlOImjr807LyEMVJWjZV8smQClO++vp/0w
NA9/4+ms/1vw0dI4kM5Bmo4ZNU0aVWI+jd/OB/cfLSuHG5tpkW+1dLvUVeVUe87n
xxYlJua60AMwXQWnuPdwkJ1Ur0E/J0p6+pdsx4TIb8gnFMKKLPUbfE6EGdtbi9NZ
9NZLBc14hvk9S6/g8Sd+niHX8sYsFlgVLMqVW5wuZPXmntv+MY1lPZwJNVqmXODX
TLw5N89qkIvuMg==
=CQWF
-----END PGP SIGNATURE-----

--- End Message ---