Bug#1052363: bullseye-pu: cups/2.3.3op2-3+deb11u4
Control: tags -1 moreinfo
On Wed, 2023-09-20 at 21:40 +0000, Thorsten Alteholz wrote:
> The attached debdiff for cups fixes CVE-2023-4504 and CVE-2023-32360
> in
> Bullseye. These CVEs have been marked as no-dsa by the security team,
> but
> at least CVE-2023-32360 got anRC bug (#1051953).
>
+cups (2.4.2-6) unstable; urgency=low
+
+ In case this is not a fresh installation of cups, please double
check
+ whether your cupsd.conf really does contain the limitiation for
+ "CUPS-Get-Document" (see patch 0019-CVE-2023-32360.patch)
The same query as for bookworm applies here - do we expect users to
know how to find the patch?
Regards,
Adam
Reply to: