On Fri, Dec 7, 2012 at 22:31:33 +0100, Didier Raboud wrote: > Package: release.debian.org > Severity: normal > User: release.debian.org@packages.debian.org > Usertags: unblock > > Please unblock package cups as 1.5.3-2.9 fixes the security bug in > #692791 (lpadmin-to-root privilege escalation). In addition to that, it > also fixes a series of other "nice-to-have"'s from either upstream or > RedHat, some dependency-tightening between libraries and some > documentation fixes (such as putting under the Debian Printing Team > umbrella). > > The debdiff is attached (but it has many diff-of-diff's) and you can > find all that in the git repository too: > > http://anonscm.debian.org/gitweb/?p=pkg-cups/cups.git;a=shortlog;h=refs/heads/master-wheezy > > I'm aware the diff is quite extensive but I made sure to keep the > changes self-contained (mostly) and in different patches. Don't hesitate > to ask for details on specific parts of that diff, I'm open to dropping > specific patches if it helps migrating that important security fix into > Wheezy. > Questions: - what does "mv /etc/cups/cupsd.conf /etc/cups/cupsd.conf.conffile-bak" in preinst achieve? - in cups-dbus-utf8.patch, I'm wondering if the "if (str_len > buflen)" check isn't off-by-one? I can buy the rest of this. Cheers, Julien
Attachment:
signature.asc
Description: Digital signature