diff -Nru cups-2.4.1op1/debian/changelog cups-2.4.1op1/debian/changelog
--- cups-2.4.1op1/debian/changelog 2023-06-24 15:20:00.000000000 +0000
+++ cups-2.4.1op1/debian/changelog 2023-02-14 13:10:00.000000000 +0000
@@ -1,3 +1,29 @@
+cups (2.4.1op1-1ubuntu4.8) jammy; urgency=medium
+
+ * The "lpoptions" utility, when run as root was writing into the file
+ /root/.cups/lpoptions instread of /etc/cups/lpoptions. System software
+ should never write into /root/ (LP: #2052925).
+
+ -- Till Kamppeter Wed, 14 Feb 2023 14:10:00 +0100
+
+cups (2.4.1op1-1ubuntu4.7) jammy-security; urgency=medium
+
+ * SECURITY UPDATE: Postscript parsing heap overflow
+ - debian/patches/CVE-2023-4504.patch: properly check for end of buffer
+ in cups/raster-interpret.c.
+ - CVE-2023-4504
+
+ -- Marc Deslauriers Fri, 15 Sep 2023 07:19:58 -0400
+
+cups (2.4.1op1-1ubuntu4.6) jammy-security; urgency=medium
+
+ * SECURITY UPDATE: recently printed documents authentication issue
+ - debian/patches/CVE-2023-32360.patch: require authentication for
+ CUPS-Get-Document in conf/cupsd.conf.in.
+ - CVE-2023-32360
+
+ -- Marc Deslauriers Mon, 11 Sep 2023 12:29:43 -0400
+
 cups (2.4.1op1-1ubuntu4.5) jammy; urgency=medium
 
 * Fixes to assure color printing on color printers by default or on request
diff -Nru cups-2.4.1op1/debian/patches/CVE-2023-32360.patch cups-2.4.1op1/debian/patches/CVE-2023-32360.patch
--- cups-2.4.1op1/debian/patches/CVE-2023-32360.patch 1970-01-01 00:00:00.000000000 +0000
+++ cups-2.4.1op1/debian/patches/CVE-2023-32360.patch 2023-02-14 13:10:00.000000000 +0000
@@ -0,0 +1,28 @@
+From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet
+Date: Tue, 6 Dec 2022 09:04:01 -0500
+Subject: [PATCH] Require authentication for CUPS-Get-Document.
+
+---
+ conf/cupsd.conf.in | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
+index b258849078..a07536f3e4 100644
+--- a/conf/cupsd.conf.in
++++ b/conf/cupsd.conf.in
+@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
+ Order deny,allow
+
+
+-
++
++ Require user @OWNER @SYSTEM
++ Order deny,allow
++
++
++
++ AuthType Default
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
diff -Nru cups-2.4.1op1/debian/patches/CVE-2023-4504.patch cups-2.4.1op1/debian/patches/CVE-2023-4504.patch
--- cups-2.4.1op1/debian/patches/CVE-2023-4504.patch 1970-01-01 00:00:00.000000000 +0000
+++ cups-2.4.1op1/debian/patches/CVE-2023-4504.patch 2023-02-14 13:10:00.000000000 +0000
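Review bot: The authentication requirement is added only to the shipped template `conf/cupsd.conf.in`, so a host whose installed cupsd.conf was edited locally would presumably keep the old policy for CUPS-Get-Document until an administrator merges the change; nothing visible in this debdiff (no maintainer script or NEWS entry) carries it over. A short note for administrators would close that gap, for example a NEWS item reading `Existing cupsd.conf files need a separate Limit block for CUPS-Get-Document with "AuthType Default"`. The Limit tag lines of this hunk are blank as rendered here, so the operation lists on the removed and added lines cannot be checked from this page, and only the one policy block near line 68 is visible.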
@@ -0,0 +1,36 @@
+From a9a7daa77699bd58001c25df8a61a8029a217ddf Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal
+Date: Fri, 1 Sep 2023 16:47:29 +0200
+Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
+
+We didn't check for end of buffer if it looks there is an escaped
+character - check for NULL terminator there and if found, return NULL
+as return value and in `ptr`, because a lone backslash is not
+a valid PostScript character.
+---
+ cups/raster-interpret.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+--- a/cups/raster-interpret.c
++++ b/cups/raster-interpret.c
+@@ -1113,7 +1113,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - S
+
+ cur ++;
+
+- if (*cur == 'b')
++ /*
++ * Return NULL if we reached NULL terminator, a lone backslash
++ * is not a valid character in PostScript.
++ */
++
++ if (!*cur)
++ {
++ *ptr = NULL;
++
++ return (NULL);
++ }
++
++ if (*cur == 'b')
+ *valptr++ = '\b';
+ else if (*cur == 'f')
+ *valptr++ = '\f';
diff -Nru cups-2.4.1op1/debian/patches/fix-lpoptions-as-root.patch cups-2.4.1op1/debian/patches/fix-lpoptions-as-root.patch
--- cups-2.4.1op1/debian/patches/fix-lpoptions-as-root.patch 1970-01-01 00:00:00.000000000 +0000
+++ cups-2.4.1op1/debian/patches/fix-lpoptions-as-root.patch 2023-02-14 13:10:00.000000000 +0000
@@ -0,0 +1,15 @@
+--- a/cups/dest.c
++++ b/cups/dest.c
+@@ -2080,7 +2080,11 @@
+
+ snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot);
+
+- if (cg->home)
++ if (cg->home
++#ifndef _WIN32
++ && getuid() != 0
++#endif
++ )
+ {
+ /*
+ * Create ~/.cups subdirectory...
diff -Nru cups-2.4.1op1/debian/patches/series cups-2.4.1op1/debian/patches/series
--- cups-2.4.1op1/debian/patches/series 2023-06-24 15:20:00.000000000 +0000
+++ cups-2.4.1op1/debian/patches/series 2023-02-14 13:10:00.000000000 +0000
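Review bot: The new `if (!*cur)` branch returns NULL and also sets `*ptr = NULL`, and nothing in the hunk shows whether callers of scan_ps() tell this malformed-input case apart from ordinary end of input or touch `*ptr` after a NULL return; the function header and its callers lie outside the hunk. The parameter comment for `ptr` should state the contract, e.g. `/* IO - String pointer, set to NULL on a parse error */`, so a later caller does not dereference it. The octal and remaining escape branches that follow this check are not visible either, so whether they look ahead past the terminator cannot be confirmed from this page. A regression input that ends in a lone backslash would pin the fix.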
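Review bot: The `getuid() != 0` test sits in cups/dest.c, which is shared library code, so it presumably changes where every root process taking this path stores its options, not only the lpoptions utility named in the changelog; that wider effect deserves a comment at the condition, e.g. `/* root has no per-user lpoptions: fall through to the server-root file */`. The check uses the real UID, so a process with effective UID 0 but a non-zero real UID still takes the per-user branch; `geteuid()` may be what is wanted, to be confirmed against how `cg->home` is set. Whether the read side still consults an existing /root/.cups/lpoptions is not visible here, and a stale file there could keep taking precedence over the system file. The patch file has no description header, so the bug reference lives only in the changelog. The enclosing function starts and ends outside the hunk.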
@@ -18,3 +18,6 @@
 CVE-2023-34241.patch
 check-colormodel-also-for-cmyk.patch
 dont-override-color-settings-from-print-dialog.patch
+CVE-2023-32360.patch
+CVE-2023-4504.patch
+fix-lpoptions-as-root.patch