Bug#891251: jessie-pu: package cups/1.7.5-11+deb8u3

To: Didier 'OdyX' Raboud <odyx@debian.org>, 891251@bugs.debian.org
Subject: Bug#891251: jessie-pu: package cups/1.7.5-11+deb8u3
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 08 Jun 2018 21:20:02 +0100
Message-id: <[🔎] 1528489202.2075.47.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 891251@bugs.debian.org
In-reply-to: <151941261494.25244.6627359278464114319.reportbug@gyllingar>
References: <151941261494.25244.6627359278464114319.reportbug@gyllingar> <151941261494.25244.6627359278464114319.reportbug@gyllingar>

Control: tags -1 + confirmed

On Fri, 2018-02-23 at 20:03 +0100, Didier 'OdyX' Raboud wrote:
> (Mirroring #891142 for stretch):
> 
> CUPS is affected by CVE-2017-18190: remote attackers could execute
> arbitrary
> IPP commands by sending POST requests to the CUPS daemon in
> conjunction with
> DNS rebinding. This was caused by a whitelisted
> "localhost.localdomain" entry.
> 
> According to the Security Team it doesn't warrant a DSA, but still
> makes sense
> to be addressed on Jessie (and Stretch). It was fixed independently
> on wheezy
> already.
> 

Please go ahead; sorry for the delay.

Regards,

Adam

Reply to:

Prev by Date: Processed: Re: Bug#892032: jessie-pu: package wayland/1.6.0-2
Next by Date: Processed: Re: Bug#891251: jessie-pu: package cups/1.7.5-11+deb8u3
Previous by thread: Processed: Re: Bug#892032: jessie-pu: package wayland/1.6.0-2
Next by thread: Processed: Re: Bug#891251: jessie-pu: package cups/1.7.5-11+deb8u3
Index(es):
- Date
- Thread