
Bug#1036548: unblock: cups-filters/1.28.17-3



Hi,

On Mon, May 22, 2023 at 09:39:34AM +0000, Thorsten Alteholz wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock and age package cups-filters
> 
> [ Reason ]
> CVE-2023-24805 (RCE due to missing input sanitising)
> 
> [ Impact ]
> The user would be vulnerable to remote code execution.
> 
> [ Tests ]
> There is no special test for this patch, only a POC that no
> longer worked after applying the patch.
> 
> [ Risks ]
> The patch was provided by upstream and approved by the security team
> (upload to Bullseye already done).
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> unblock cups-filters/1.28.17-3

FWIW, it was as well for bullseye released via a DSA. Thorsten, there
seems to be as well a piuparts regression blocking it, can you have a
look?

Regards,
Salvatore

