Bug#958953: stretch-pu: package cups/2.2.1-8+deb9u6

To: Didier 'OdyX' Raboud <odyx@debian.org>, 958953@bugs.debian.org
Subject: Bug#958953: stretch-pu: package cups/2.2.1-8+deb9u6
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 15 Jun 2020 20:42:38 +0100
Message-id: <[🔎] f9bf29d241af442042834898bc6e27e6df00db80.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 958953@bugs.debian.org
In-reply-to: <158797102298.93310.7827916217936802509.reportbug@gyllingar>
References: <158797102298.93310.7827916217936802509.reportbug@gyllingar> <158797102298.93310.7827916217936802509.reportbug@gyllingar>

Control: tags -1 + confirmed

On Mon, 2020-04-27 at 09:03 +0200, Didier 'OdyX' Raboud wrote:
> CVE-2020-3898 and CVE-2019-8842 got fixed in unstable and pending for
> stable (#958814), after coordinated disclosure.
> 
> I'd like to fix these in an oldstable upload too:
> 
> cups (2.2.1-8+deb9u6) stretch; urgency=medium
> 
>   * Backport upstream security fixes:
>     - CVE-2020-3898: heap-buffer-overflow in libcups’s
> ppdFindOption()
>       function in ppd-mark.c
>     - CVE-2019-8842: The `ippReadIO` function may under-read an
> extension
>       field
> 

Please go ahead; sorry for the delay.

Regards,

Adam

Reply to:

Prev by Date: Bug#918744: stretch-pu: package opensc/0.1.9-1~deb9u1
Next by Date: Processed: Re: Bug#958953: stretch-pu: package cups/2.2.1-8+deb9u6
Previous by thread: Bug#918744: stretch-pu: package opensc/0.1.9-1~deb9u1
Next by thread: Processed: Re: Bug#958953: stretch-pu: package cups/2.2.1-8+deb9u6
Index(es):
- Date
- Thread