
Bug#1036224: marked as done (cups-filters: CVE-2023-24805)



Your message dated Sun, 28 May 2023 18:02:08 +0000
with message-id <E1q3KiW-001O1Q-Am@fasolo.debian.org>
and subject line Bug#1036224: fixed in cups-filters 1.28.7-1+deb11u2
has caused the Debian Bug report #1036224,
regarding cups-filters: CVE-2023-24805
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1036224: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036224
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: cups-filters
Version: 1.28.17-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for cups-filters.

CVE-2023-24805[0]:
| RCE in cups-filters, beh CUPS backend

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-24805
    https://www.cve.org/CVERecord?id=CVE-2023-24805
[1] https://www.openwall.com/lists/oss-security/2023/05/17/5
[2] https://github.com/OpenPrinting/cups-filters/commit/93e60d3df35

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: cups-filters
Source-Version: 1.28.7-1+deb11u2
Done: Thorsten Alteholz <debian@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
cups-filters, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1036224@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated cups-filters package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 May 2023 18:25:20 +0200
Source: cups-filters
Architecture: source
Version: 1.28.7-1+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1036224
Changes:
 cups-filters (1.28.7-1+deb11u2) bullseye-security; urgency=high
 .
   * CVE-2023-24805
     prevent arbitrary command execution by escaping the quoting
     of the arguments in a job with a forged job title
     more information is available in the commit message at:
     https://github.com/OpenPrinting/cups-filters/commit/93e60d3df35
     (Closes: #1036224)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---