Bug#1052361: bookworm-pu: cups/2.4.2-3+deb12u2

To: Thorsten Alteholz <debian@alteholz.de>, 1052361@bugs.debian.org
Subject: Bug#1052361: bookworm-pu: cups/2.4.2-3+deb12u2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 23 Sep 2023 20:48:25 +0100
Message-id: <[🔎] cfb0c3878ccc895ef95655e26c1f6fd4dcf1a224.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1052361@bugs.debian.org
In-reply-to: <[🔎] alpine.DEB.2.21.2309202101170.29734@postfach.intern.alteholz.me>
References: <[🔎] alpine.DEB.2.21.2309202101170.29734@postfach.intern.alteholz.me> <[🔎] alpine.DEB.2.21.2309202101170.29734@postfach.intern.alteholz.me>

Control: tags -1 moreinfo

On Wed, 2023-09-20 at 21:05 +0000, Thorsten Alteholz wrote:
> The attached debdiff for cups fixes CVE-2023-4504 and CVE-2023-32360
> in 
> Bookworm. These CVEs have been marked as no-dsa by the security
> team, 
> but at least CVE-2023-32360 got an RC bug (#1051953).
> 

+cups (2.4.2-6) unstable; urgency=low
+
+  In case this is not a fresh installation of cups, please double check
+  whether your cupsd.conf really does contain the limitiation for
+  "CUPS-Get-Document" (see patch 0015-CVE-2023-32360.patch)

Hmm. Is there a better way we can point users to the required change
here that doesn't require them knowing how to find patches applied to
the source package?

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#1052361: bookworm-pu: cups/2.4.2-3+deb12u2
  - From: Thorsten Alteholz <debian@alteholz.de>

References:
- Bug#1052361: bookworm-pu: cups/2.4.2-3+deb12u2
  - From: Thorsten Alteholz <debian@alteholz.de>

Prev by Date: Processed: Re: Bug#1052229: bookworm-pu (pre-approval): gnome-shell/43.9-0+deb12u1
Next by Date: NEW changes in oldstable-new
Previous by thread: Bug#1052361: bookworm-pu: cups/2.4.2-3+deb12u2
Next by thread: Bug#1052361: bookworm-pu: cups/2.4.2-3+deb12u2
Index(es):
- Date
- Thread