diff -Nru cups-2.4.1op1/debian/changelog cups-2.4.1op1/debian/changelog
--- cups-2.4.1op1/debian/changelog 2022-05-27 11:53:01.000000000 +0000
+++ cups-2.4.1op1/debian/changelog 2023-05-25 12:42:49.000000000 +0000
@@ -1,3 +1,12 @@
+cups (2.4.1op1-1ubuntu4.2) jammy-security; urgency=medium
+
+ * SECURITY UPDATE: DoS via buffer overflow in format_log_line
+ - debian/patches/CVE-2023-32324.patch: check _cups_strlcpy size in
+ cups/string.c.
+ - CVE-2023-32324
+
+ -- Marc Deslauriers Thu, 25 May 2023 08:42:49 -0400
+
 cups (2.4.1op1-1ubuntu4.1) jammy-security; urgency=medium

 * SECURITY UPDATE: Local authorization cert bypass
diff -Nru cups-2.4.1op1/debian/patches/CVE-2023-32324.patch cups-2.4.1op1/debian/patches/CVE-2023-32324.patch
--- cups-2.4.1op1/debian/patches/CVE-2023-32324.patch 1970-01-01 00:00:00.000000000 +0000
+++ cups-2.4.1op1/debian/patches/CVE-2023-32324.patch 2023-05-25 12:42:44.000000000 +0000
@@ -0,0 +1,29 @@
+From 5e3107e734f06d410a490e8bc923dc3119f17671 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet
+Date: Wed, 17 May 2023 12:59:57 -0400
+Subject: [PATCH] Consensus fix.
+
+---
+ cups/string.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/cups/string.c
++++ b/cups/string.c
+@@ -1,6 +1,7 @@
+ /*
+ * String functions for CUPS.
+ *
++ * Copyright © 2023 by OpenPrinting.
+ * Copyright © 2007-2019 by Apple Inc.
+ * Copyright © 1997-2007 by Easy Software Products.
+ *
+@@ -760,6 +761,9 @@ _cups_strlcpy(char *dst, /* O - D
+ size_t srclen; /* Length of source string */
+
+
++ if (size == 0)
++ return (0);
++
+ /*
+ * Figure out how much room is needed...
+ */
diff -Nru cups-2.4.1op1/debian/patches/series cups-2.4.1op1/debian/patches/series
--- cups-2.4.1op1/debian/patches/series 2022-05-27 11:52:56.000000000 +0000
+++ cups-2.4.1op1/debian/patches/series 2023-05-25 12:42:44.000000000 +0000
@@ -14,3 +14,4 @@
 9120-scheduler-ipp-c-resolve-mdns-uri.patch
 CVE-2022-26691-1.patch
 CVE-2022-26691-2.patch
+CVE-2023-32324.patch
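Review bot: In debian/patches/CVE-2023-32324.patch, the added `if (size == 0) return (0);` guard in `_cups_strlcpy` returns before anything is written to `dst`, so a caller that passes a zero size gets a buffer that is not guaranteed to be NUL-terminated and a return value it cannot tell apart from copying an empty string. The changelog names `format_log_line` as the affected caller; its remaining-space computation is not part of this diff and should be checked so that it stops appending once no room is left instead of relying on the callee guard alone. The guard also has no comment, and one such as `/* Nothing can be stored, not even the terminator; dst is left untouched. */` would record the contract for future callers. The body of `_cups_strlcpy` continues outside the hunk, so how the later size arithmetic behaves for other small sizes cannot be confirmed from here.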