Bug#958953: stretch-pu: package cups/2.2.1-8+deb9u6

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 958953@bugs.debian.org
Subject: Bug#958953: stretch-pu: package cups/2.2.1-8+deb9u6
From: "Didier 'OdyX' Raboud" <odyx@debian.org>
Date: Tue, 16 Jun 2020 19:15:45 +0000
Message-id: <[🔎] 08217bbfcfc9ef77e73fc9458f0324ca@debian.org>
Reply-to: "Didier 'OdyX' Raboud" <odyx@debian.org>, 958953@bugs.debian.org
In-reply-to: <[🔎] f9bf29d241af442042834898bc6e27e6df00db80.camel@adam-barratt.org.uk>
References: <[🔎] f9bf29d241af442042834898bc6e27e6df00db80.camel@adam-barratt.org.uk> <158797102298.93310.7827916217936802509.reportbug@gyllingar> <158797102298.93310.7827916217936802509.reportbug@gyllingar>

15 juin 2020 21:43 "Adam D. Barratt" <adam@adam-barratt.org.uk> a écrit:
> On Mon, 2020-04-27 at 09:03 +0200, Didier 'OdyX' Raboud wrote:
>> CVE-2020-3898 and CVE-2019-8842 got fixed in unstable and pending for
>> stable (#958814), after coordinated disclosure.
>> 
>> I'd like to fix these in an oldstable upload too:
>> 
>> cups (2.2.1-8+deb9u6) stretch; urgency=medium
>> 
>> * Backport upstream security fixes:
>> - CVE-2020-3898: heap-buffer-overflow in libcups’s
>> ppdFindOption()
>> function in ppd-mark.c
>> - CVE-2019-8842: The `ippReadIO` function may under-read an
>> extension
>> field
> 
> Please go ahead; sorry for the delay.

NP; uploaded.

Thanks for your time,

OdyX

Reply to:

References:
- Bug#958953: stretch-pu: package cups/2.2.1-8+deb9u6
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Processed: user release.debian.org@packages.debian.org, usertagging 905385 ..., tagging 905385
Next by Date: Bug#918744: stretch-pu: package opensc/0.1.9-1~deb9u1
Previous by thread: Processed: Re: Bug#958953: stretch-pu: package cups/2.2.1-8+deb9u6
Next by thread: Bug#893548: stretch-pu: package python-icalendar/3.8-1+deb9u1
Index(es):
- Date
- Thread