[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#891251: jessie-pu: package cups/1.7.5-11+deb8u3



Control: tags -1 + confirmed

On Fri, 2018-02-23 at 20:03 +0100, Didier 'OdyX' Raboud wrote:
> (Mirroring #891142 for stretch):
> 
> CUPS is affected by CVE-2017-18190: remote attackers could execute
> arbitrary
> IPP commands by sending POST requests to the CUPS daemon in
> conjunction with
> DNS rebinding. This was caused by a whitelisted
> "localhost.localdomain" entry.
> 
> According to the Security Team it doesn't warrant a DSA, but still
> makes sense
> to be addressed on Jessie (and Stretch). It was fixed independently
> on wheezy
> already.
> 

Please go ahead; sorry for the delay.

Regards,

Adam


Reply to: