[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1007938: marked as done (buster-pu: package cups/2.2.10-6+deb10u5)

Your message dated Sat, 26 Mar 2022 12:02:22 +0000
with message-id <540de30a27d37c3ff416b94b1adf7ff2a2cab257.camel@adam-barratt.org.uk>
and subject line Closing requests for updates in 10.12
has caused the Debian Bug report #1007938,
regarding buster-pu: package cups/2.2.10-6+deb10u5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1007938: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007938
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
The attached debdiff for cups fixes CVE-2020-10001 in Buster. This CVE has been marked as no-dsa by the security team.
The same patch has been uploaded to Stretch already and nobody complained yet. 

  Thorsten


diff -Nru cups-2.2.10/debian/changelog cups-2.2.10/debian/changelog
--- cups-2.2.10/debian/changelog	2020-11-28 12:09:48.000000000 +0100
+++ cups-2.2.10/debian/changelog	2022-02-23 22:03:02.000000000 +0100
@@ -1,3 +1,12 @@
+cups (2.2.10-6+deb10u5) buster; urgency=medium
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2020-10001.patch
+    An input validation issue might allow a malicious application
+    to read restricted memory.
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Wed, 23 Feb 2022 22:03:02 +0100
+
 cups (2.2.10-6+deb10u4) buster; urgency=medium
 
   * Backport upstream fix:
diff -Nru cups-2.2.10/debian/.git-dpm cups-2.2.10/debian/.git-dpm
--- cups-2.2.10/debian/.git-dpm	2020-11-28 12:09:48.000000000 +0100
+++ cups-2.2.10/debian/.git-dpm	2022-02-23 22:03:02.000000000 +0100
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-e512765460ec633ad43872436b243021f252a69a
-e512765460ec633ad43872436b243021f252a69a
+cd650ee595b7905afba01cfe9c4479823f22704d
+cd650ee595b7905afba01cfe9c4479823f22704d
 25b2338346ef3abbb93ea88476887cba7b2b86f8
 25b2338346ef3abbb93ea88476887cba7b2b86f8
 cups_2.2.10.orig.tar.gz
diff -Nru cups-2.2.10/debian/patches/0053-CVE-2020-10001.patch cups-2.2.10/debian/patches/0053-CVE-2020-10001.patch
--- cups-2.2.10/debian/patches/0053-CVE-2020-10001.patch	1970-01-01 01:00:00.000000000 +0100
+++ cups-2.2.10/debian/patches/0053-CVE-2020-10001.patch	2022-02-23 22:03:02.000000000 +0100
@@ -0,0 +1,49 @@
+From cd650ee595b7905afba01cfe9c4479823f22704d Mon Sep 17 00:00:00 2001
+From: Thorsten Alteholz <debian@alteholz.de>
+Date: Sat, 26 Feb 2022 02:20:21 +0100
+Subject: CVE-2020-10001
+
+---
+ cups/ipp.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/cups/ipp.c b/cups/ipp.c
+index 4ebb1da9c..ead8856c5 100644
+--- a/cups/ipp.c
++++ b/cups/ipp.c
+@@ -2870,7 +2870,8 @@ ippReadIO(void       *src,		/* I - Data source */
+   unsigned char		*buffer,	/* Data buffer */
+ 			string[IPP_MAX_TEXT],
+ 					/* Small string buffer */
+-			*bufptr;	/* Pointer into buffer */
++			*bufptr,	/* Pointer into buffer */
++			*bufend;	/* End of buffer */
+   ipp_attribute_t	*attr;		/* Current attribute */
+   ipp_tag_t		tag;		/* Current tag */
+   ipp_tag_t		value_tag;	/* Current value tag */
+@@ -3440,6 +3441,7 @@ ippReadIO(void       *src,		/* I - Data source */
+ 		}
+ 
+                 bufptr = buffer;
++                bufend = buffer + n;
+ 
+ 	       /*
+ 	        * text-with-language and name-with-language are composite
+@@ -3453,7 +3455,7 @@ ippReadIO(void       *src,		/* I - Data source */
+ 
+ 		n = (bufptr[0] << 8) | bufptr[1];
+ 
+-		if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string))
++		if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
+ 		{
+ 		  _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
+ 		                _("IPP language length overflows value."), 1);
+@@ -3480,7 +3482,7 @@ ippReadIO(void       *src,		/* I - Data source */
+                 bufptr += 2 + n;
+ 		n = (bufptr[0] << 8) | bufptr[1];
+ 
+-		if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
++		if ((bufptr + 2 + n) > bufend)
+ 		{
+ 		  _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
+ 		                _("IPP string length overflows value."), 1);
diff -Nru cups-2.2.10/debian/patches/series cups-2.2.10/debian/patches/series
--- cups-2.2.10/debian/patches/series	2020-11-28 12:09:48.000000000 +0100
+++ cups-2.2.10/debian/patches/series	2022-02-23 22:03:02.000000000 +0100
@@ -50,3 +50,4 @@
 0050-CVE-2020-3898-heap-buffer-overflow-in-libcups-s-ppdF.patch
 0051-CVE-2019-8842-The-ippReadIO-function-may-under-read-.patch
 0052-backend-scheduler-ipp.c-Fix-printer-alert-invalid-fr.patch
+0053-CVE-2020-10001.patch

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 10.12

Hi,

The updates referenced in these requests were included in oldstable as
part of today's 10.12 point release.

Regards,

Adam

--- End Message ---
Reply to: