Bug#1036548: unblock: cups-filters/1.28.17-3
Hi,
On Tue, May 23, 2023 at 03:55:26PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Mon, May 22, 2023 at 09:39:34AM +0000, Thorsten Alteholz wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> >
> > Please unblock and age package cups-filters
> >
> > [ Reason ]
> > CVE-2023-24805 (RCE due to missing input sanitising)
> >
> > [ Impact ]
> > The user would be vulnerable to remote code execution.
> >
> > [ Tests ]
> > There is no special test for this patch, only a POC that no
> > longer worked after applying the patch.
> >
> > [ Risks ]
> > The patch was provided by upstream and approved by the security team
> > (upload to Bullseye already done).
> >
> > [ Checklist ]
> > [x] all changes are documented in the d/changelog
> > [x] I reviewed all changes and I approve them
> > [x] attach debdiff against the package in testing
> >
> > unblock cups-filters/1.28.17-3
>
> FWIW, it was as well for bullseye released via a DSA. Thorsten, there
> seems to be as well a piuparts regression blocking it, can you have a
> look?
Looking at the log from
https://piuparts.debian.org/sid/fail/cups-browsed_1.28.17-3.log it
looks like this can be ignored, as it is due to the adduser and piuparts
situation.
Regards,
Salvatore