Bug#1051953: marked as done (cups: CVE-2023-32360)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sun, 01 Oct 2023 16:47:08 +0000
with message-id <E1qmzb2-000EGN-DQ@fasolo.debian.org>
and subject line Bug#1051953: fixed in cups 2.4.2-3+deb12u2
has caused the Debian Bug report #1051953,
regarding cups: CVE-2023-32360
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1051953: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051953
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: cups: CVE-2023-32360
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Thu, 14 Sep 2023 20:54:07 +0200
• Message-id: <169471764717.1221463.1810205770444570870.reportbug@eldamar.lan>

Source: cups
Version: 2.4.2-5
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for cups.

CVE-2023-32360[0]:
| An authentication issue was addressed with improved state
| management. This issue is fixed in macOS Big Sur 11.7.7, macOS
| Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be
| able to access recently printed documents.

Severity choosen on RC level, due to an unautnethicated user beeing
able to access recently printed documents.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32360
    https://www.cve.org/CVERecord?id=CVE-2023-32360
[1] https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 1051953-close@bugs.debian.org
• Subject: Bug#1051953: fixed in cups 2.4.2-3+deb12u2
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Sun, 01 Oct 2023 16:47:08 +0000
• Message-id: <E1qmzb2-000EGN-DQ@fasolo.debian.org>
• Reply-to: Thorsten Alteholz <debian@alteholz.de>

Source: cups
Source-Version: 2.4.2-3+deb12u2
Done: Thorsten Alteholz <debian@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1051953@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 19 Sep 2023 21:20:27 +0200
Source: cups
Architecture: source
Version: 2.4.2-3+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1051953
Changes:
 cups (2.4.2-3+deb12u2) bookworm; urgency=medium
 .
   * CVE-2023-4504
     Postscript parsing heap-based buffer overflow
   * CVE-2023-32360 (Closes: #1051953)
     authentication issue
Checksums-Sha1:
 886b1d443979a78c074f0a945c9b2d2b85b194f9 3154 cups_2.4.2-3+deb12u2.dsc
 6de94703ab0747c5703c0124ca0623687dc54b4b 383456 cups_2.4.2-3+deb12u2.debian.tar.xz
 5cb43b2fb54d6f99a6fb484cfa2346384bb6ba08 13931 cups_2.4.2-3+deb12u2_amd64.buildinfo
Checksums-Sha256:
 f5eb46905640c0af4ae60e15d9995107a691f9d311b36e11cc5c4a2e8782fd17 3154 cups_2.4.2-3+deb12u2.dsc
 f0d0b0246fe74a4f88eac320505a61ca60ae5747a19bf58f06db67e913a8712b 383456 cups_2.4.2-3+deb12u2.debian.tar.xz
 46e4295b446de044938c2978446ac55d049735caeb7df61756b2a9952ef46d69 13931 cups_2.4.2-3+deb12u2_amd64.buildinfo
Files:
 1d4918158862d6133b45d68be30c7243 3154 net optional cups_2.4.2-3+deb12u2.dsc
 b2546e4523b0e26088d10daea5321c64 383456 net optional cups_2.4.2-3+deb12u2.debian.tar.xz
 5a46c26106a76d26e5603f9e2c480271 13931 net optional cups_2.4.2-3+deb12u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmUVv+dfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR7hrD/4iXFHKBLs3ScH/AEP0xxTLpxCFLcEj
JyrtAnrOfnoOZdBPiiZBCaarhGz+MyK3TUPEjKwIAKqfYJ27yF9nWt9qecm4aLEO
qFVHIzNeJHqk6sw+G37I8R10N9oJN022CUeSZMRVF3yZs/8lOfsJOQ06YYOksKel
z4NcJdg3R5LRX3ZIvQfFGbJOwUuJt7NcxNqxY+b5DPkyUbcw1EYZGD0iftpRiDrg
MzyMF921SZyGaMp++HiY0EiPe1fuqN+9Q+HvpM+fQyL1CjhjtzhJEpGRkrETYLCE
+FUddVpzXxnwuZeBadOOJVkOS67Yn8BX5aoLHesjzZI2Iex2gF1cokAh3ytKtAUr
GcBild5Vv4sv+VK9OVr36kd6F3+EllrZcB4CQK26dhBWqBr2Pmc+pf+a9T7LGvKE
nVBSOq+t09cj92LOlGBvb4p9F1Zqlmr+gKknM3KaSmY1NzhmInihghfrpCZT/TgP
kxJ/yJV4DQEyh1xeVtO+oVm3E3gnKm/rhT6kgZYB+BksDBFBEVy7wfRbiB9uaeSD
IWgCseGabbFmj0Jow//Avd0FZzFburln8u4iKhaIQgdee9/LDzXNAMh3wdsWIlLU
icGWXWbdLEjJ15XlQff9/ihfHOyJC8G1+jHIzc7YhpjdPLVrp14YfaJsDAjanGjk
NNSXM8VPL/+EgQ==
=D97A
-----END PGP SIGNATURE-----

--- End Message ---