Re: CUPS vulnerabilities (remote root compromise)
On Fri, Dec 20, 2002 at 12:17:18AM -0600, David Ehle wrote:
> Hello all,
> Is the Debian package of cups Vulnerable to the security issues
> detailed here?:
> It doesn't mentions version 1.1.15-4 explicitly, but the vulnerablites
> havn't been tested on many different Distros yet.
> If the Debian package is affected, does Mr. Licquia have a timetable on
> when our version will be patched?
Yes, it is vulnerable. The version in woody is 1.1.14-3, and an advisory is
pending. Unstable already has 1.1.18-1 which contains the fixes.
It sounds like you are running the testing version, in which case you must
handle your own security update.