Bug#1052361: bookworm-pu: cups/2.4.2-3+deb12u2
Control: tags -1 moreinfo
On Wed, 2023-09-20 at 21:05 +0000, Thorsten Alteholz wrote:
> The attached debdiff for cups fixes CVE-2023-4504 and CVE-2023-32360
> in
> Bookworm. These CVEs have been marked as no-dsa by the security
> team,
> but at least CVE-2023-32360 got an RC bug (#1051953).
>
+cups (2.4.2-6) unstable; urgency=low
+
+ In case this is not a fresh installation of cups, please double check
+ whether your cupsd.conf really does contain the limitiation for
+ "CUPS-Get-Document" (see patch 0015-CVE-2023-32360.patch)
Hmm. Is there a better way we can point users to the required change
here that doesn't require them knowing how to find patches applied to
the source package?
Regards,
Adam
Reply to: