Change log for cupsys package in Ubuntu
cupsys (1.3.7-1ubuntu3.16) hardy-security; urgency=low * SECURITY UPDATE: privilege escalation via config file editing - debian/patches/CVE-2012-5519.dpatch: split configuration file into two, to isolate options that have a security impact. - debian/cupsys.install: also install cups-files.conf - debian/patches/removecvstag.dpatch: updated to remove tag from cups-files.conf. - CVE-2012-5519 -- Marc Deslauriers <email address hidden> Mon, 03 Dec 2012 09:49:14 -0500
cupsys (1.3.7-1ubuntu3.13) hardy-security; urgency=low * SECURITY UPDATE: arbitrary code execution via missing code words - debian/patches/CVE-2011-2896.dpatch: improve logic in filter/image-gif.c. - CVE-2011-2896 * SECURITY UPDATE: arbitrary code execution via incorrect code word handling - debian/patches/CVE-2011-3170.dpatch: don't overflow in filter/image-gif.c. - CVE-2011-3170 -- Marc Deslauriers <email address hidden> Mon, 12 Sep 2011 09:41:09 -0400
cupsys (1.2.2-0ubuntu0.6.06.20) dapper-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via invalid free - debian/patches/CVE-2010-2941.dpatch: skip over and reserve unused tags in cups/ipp.{c,h}. - CVE-2010-2941 -- Marc Deslauriers <email address hidden> Tue, 02 Nov 2010 11:35:21 -0400
cupsys (1.3.7-1ubuntu3.12) hardy-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via invalid free - debian/patches/CVE-2010-2941.dpatch: skip over and reserve unused tags in cups/ipp.{c,h}. - CVE-2010-2941 -- Marc Deslauriers <email address hidden> Tue, 02 Nov 2010 11:22:58 -0400
cupsys (1.2.2-0ubuntu0.6.06.19) dapper-security; urgency=low * SECURITY UPDATE: cross-site request forgery in admin interface - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c, cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c, templates/*.tmpl. - CVE-2010-0540 * SECURITY UPDATE: denial of service or arbitrary code execution in texttops image filter - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in filter/texttops.c. - CVE-2010-0542 * SECURITY UPDATE: web interface memory disclosure - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c. - CVE-2010-1748 * SECURITY UPDATE: file overwrite vulnerability - debian/patches/security-str3510.dpatch: introduce cups_open() in cups/file.c and use to make sure hard-linked or symlinked files don't get overwritten as root. - No CVE number -- Marc Deslauriers <email address hidden> Fri, 18 Jun 2010 10:37:35 -0400
cupsys (1.3.7-1ubuntu3.11) hardy-security; urgency=low * SECURITY UPDATE: cross-site request forgery in admin interface - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c, cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c, templates/*.tmpl. - CVE-2010-0540 * SECURITY UPDATE: denial of service or arbitrary code execution in texttops image filter - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in filter/texttops.c. - CVE-2010-0542 * SECURITY UPDATE: web interface memory disclosure - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c. - CVE-2010-1748 * SECURITY UPDATE: file overwrite vulnerability - debian/patches/security-str3510.dpatch: introduce cups_open() in cups/file.c and use to make sure hard-linked or symlinked files don't get overwritten as root. - No CVE number -- Marc Deslauriers <email address hidden> Fri, 18 Jun 2010 10:32:12 -0400
cupsys (1.3.7-1ubuntu3.9) hardy-proposed; urgency=low * debian/patches/fix-lpstat.dpatch: Fix lpstat to work correctly against CUPS 1.4 servers. (LP: #497606) -- Evan Broder <email address hidden> Wed, 03 Mar 2010 18:06:14 -0500
cupsys (1.3.7-1ubuntu3.8) hardy-security; urgency=low * SECURITY UPDATE: denial of service via use-after-free - debian/patches/CVE-2009-3553.dpatch: check fdptr->use and cupsd_inactive_fds in scheduler/select.c. - CVE-2009-3553 - CVE-2010-0302 * SECURITY UPDATE: privilege escalation via lppasswd tool - debian/patches/CVE-2010-0393.dpatch: don't allow environment variables to override directories in cups/globals.c and systemv/lppasswd.c. - CVE-2010-0393 -- Marc Deslauriers <email address hidden> Thu, 25 Feb 2010 11:00:51 -0500
cupsys (1.2.2-0ubuntu0.6.06.17) dapper-security; urgency=low * SECURITY UPDATE: privilege escalation via lppasswd tool - debian/patches/84_CVE-2010-0393.dpatch: don't allow environment variables to override directories in cups/globals.c and systemv/lppasswd.c. - CVE-2010-0393 -- Marc Deslauriers <email address hidden> Thu, 25 Feb 2010 11:04:17 -0500
cupsys (1.3.7-1ubuntu3.6) hardy-security; urgency=low * SECURITY UPDATE: XSS and CRLF injection in headers - debian/patches/CVE-2009-2820.dpatch: Introduce cgiClearVariables() in cgi-bin/{var.c,cgi.h}. Clear out variables in cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and clear out variables in cgi-bin/admin.c. Filter more characters in cgi-bin/template.c. - CVE-2009-2820 -- Marc Deslauriers <email address hidden> Fri, 30 Oct 2009 21:38:14 -0400
cupsys (1.2.2-0ubuntu0.6.06.15) dapper-security; urgency=low * SECURITY UPDATE: XSS and CRLF injection in headers - debian/patches/83_CVE-2009-2820.dpatch: Introduce cgiClearVariables() in cgi-bin/{var.c,cgi.h}. Clear out variables in cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and clear out variables in cgi-bin/admin.c. Filter more characters in cgi-bin/template.c. - CVE-2009-2820 -- Marc Deslauriers <email address hidden> Fri, 30 Oct 2009 21:40:07 -0400
cupsys (1.3.7-1ubuntu3.5) hardy-security; urgency=low * SECURITY UPDATE: Remote denial-of-service via IPP_TAG_UNSUPPORTED tags. - debian/patches/CVE-2009-0949.dpatch: make sure the name field exists in scheduler/ipp.c. - CVE-2009-0949 -- Marc Deslauriers <email address hidden> Mon, 01 Jun 2009 10:32:52 -0400
cupsys (1.2.2-0ubuntu0.6.06.14) dapper-security; urgency=low * SECURITY UPDATE: Remote denial-of-service via IPP_TAG_UNSUPPORTED tags. - debian/patches/82_CVE-2009-0949.dpatch: make sure the name field exists in scheduler/ipp.c. - CVE-2009-0949 -- Marc Deslauriers <email address hidden> Mon, 01 Jun 2009 10:34:39 -0400
cupsys (1.2.2-0ubuntu0.6.06.13) dapper-security; urgency=low * SECURITY UPDATE: fix integer overflow via large TIFF file - debian/patches/81_CVE-2009-0163.dpatch: adjust CUPS_IMAGE_MAX_HEIGHT in filter/image-private.h - CVE-2009-0163 -- Jamie Strandboge <email address hidden> Wed, 15 Apr 2009 09:25:58 -0500
cupsys (1.3.2-1ubuntu7.10) gutsy-security; urgency=low * SECURITY UPDATE: fix integer overflow via large TIFF file - debian/patches/83_CVE-2009-0163.dpatch: adjust CUPS_IMAGE_MAX_HEIGHT in filter/image-private.h - CVE-2009-0163 -- Jamie Strandboge <email address hidden> Wed, 15 Apr 2009 09:21:58 -0500
cupsys (1.3.7-1ubuntu3.4) hardy-security; urgency=low * SECURITY UPDATE: fix integer overflow via large TIFF file - debian/patches/CVE-2009-0163.dpatch: adjust CUPS_IMAGE_MAX_HEIGHT in filter/image-private.h - CVE-2009-0163 -- Jamie Strandboge <email address hidden> Wed, 15 Apr 2009 09:19:42 -0500
cupsys (1.3.7-1ubuntu3.3) hardy-security; urgency=low * SECURITY UPDATE: denial of service by adding a large number of RSS subscriptions (LP: #298241) - debian/patches/CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions being reached in scheduler/{ipp.c,subscriptions.c}. - CVE-2008-5183 * SECURITY UPDATE: unauthorized access to RSS subscription functions in web interface (LP: #298241) - debian/patches/CVE-2008-5184.dpatch: make sure user is authenticated in /cgi-bin/admin.c. - CVE-2008-5184 * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG image with a large height value - This issue was introduced in the patch for CVE-2008-1722. - debian/patches/CVE-2008-1722.dpatch: adjust patch to multiply img->xsize instead of img->ysize so we don't overflow in filter/image-png.c. - CVE-2008-5286 * SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack - debian/filters/pstopdf: use the cleaned-up version from Debian. - CVE-2008-5377 -- Marc Deslauriers <email address hidden> Thu, 08 Jan 2009 10:29:38 -0500
cupsys (1.3.2-1ubuntu7.9) gutsy-security; urgency=low * SECURITY UPDATE: denial of service by adding a large number of RSS subscriptions (LP: #298241) - debian/patches/81_CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions being reached in scheduler/{ipp.c,subscriptions.c}. - CVE-2008-5183 * SECURITY UPDATE: unauthorized access to RSS subscription functions in web interface (LP: #298241) - debian/patches/82_CVE-2008-5184.dpatch: make sure user is authenticated in /cgi-bin/admin.c. - CVE-2008-5184 * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG image with a large height value - This issue was introduced in the patch for CVE-2008-1722. - debian/patches/77_CVE-2008-1722.dpatch: adjust patch to multiply img->xsize instead of img->ysize so we don't overflow in filter/image-png.c. - CVE-2008-5286 * SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack - debian/filters/pstopdf: use the cleaned-up version from Debian. - CVE-2008-5377 -- Marc Deslauriers <email address hidden> Thu, 08 Jan 2009 10:28:34 -0500
cupsys (1.2.2-0ubuntu0.6.06.12) dapper-security; urgency=low * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG image with a large height value - This issue was introduced in the patch for CVE-2008-1722. - debian/patches/77_CVE-2008-1722.patch: adjust patch to multiply img->xsize instead of img->ysize so we don't overflow in filter/image-png.c. - CVE-2008-5286 * SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack - debian/filters/pstopdf: use the cleaned-up version from Debian. - CVE-2008-5377 -- Marc Deslauriers <email address hidden> Thu, 08 Jan 2009 10:27:16 -0500
cupsys (1.3.7-1ubuntu3.2) hardy-proposed; urgency=low * debian/rules: Install the serial backend with 0700 permissions to make it run as root, since /dev/ttyS* are root:dialout and thus not accessible as user "lp". (LP: #154277) -- Martin Pitt <email address hidden> Wed, 26 Nov 2008 14:30:00 +0000
cupsys (1.3.7-1ubuntu3.1) hardy-security; urgency=low * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in the SGI filter - debian/patches/CVE-2008-3639_sgi_filter_overflow.dpatch: adjust filter/image-sgilib.c to properly check for xsize. Taken from Debian patch by Martin Pitt. - STR #2918 - CVE-2008-3639 * SECURITY UPDATE: integer overflow in texttops filter which could lead to heap-based overflow - debian/patches/CVE-2008-3640_texttops_overflow.dpatch: adjust textcommon.c and texttops.c to check for too large or negative page metrics. Taken from Debian patch by Martin Pitt. - STR #2919 - CVE-2008-3640 * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to arbitrary code execution - debian/patches/CVE-2008-3641_hpgl_filter_overflow.dpatch: adjust hpgl-attr.c to properly check for an invalid number of pens. Also includes fix for regression in original upstream patch which changed the color mapping and an off-by-one loop error. Taken from Debian patch by Martin Pitt. - STR #2911 - STR #2966 - CVE-2008-3641 -- Jamie Strandboge <email address hidden> Tue, 14 Oct 2008 13:17:07 -0500
cupsys (1.3.2-1ubuntu7.8) gutsy-security; urgency=low * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in the SGI filter - debian/patches/78_CVE-2008-3639.dpatch: adjust filter/image-sgilib.c to properly check for xsize. Taken from Debian patch by Martin Pitt. - STR #2918 - CVE-2008-3639 * SECURITY UPDATE: integer overflow in texttops filter which could lead to heap-based overflow - debian/patches/79_CVE-2008-3640.dpatch: adjust textcommon.c and texttops.c to check for too large or negative page metrics. Taken from Debian patch by Martin Pitt. - STR #2919 - CVE-2008-3640 * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to arbitrary code execution - debian/patches/80_CVE-2008-3641.dpatch: adjust hpgl-attr.c to properly check for an invalid number of pens. Also includes fix for regression in original upstream patch which changed the color mapping and an off-by-one loop error. Taken from Debian patch by Martin Pitt. - STR #2911 - STR #2966 - CVE-2008-3641 -- Jamie Strandboge <email address hidden> Tue, 14 Oct 2008 13:49:34 -0500
cupsys (1.2.2-0ubuntu0.6.06.11) dapper-security; urgency=low * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in the SGI filter - debian/patches/78_CVE-2008-3639.dpatch: adjust filter/image-sgilib.c to properly check for xsize. Taken from Debian patch by Martin Pitt. - STR #2918 - CVE-2008-3639 * SECURITY UPDATE: integer overflow in texttops filter which could lead to heap-based overflow - debian/patches/79_CVE-2008-3640.dpatch: adjust textcommon.c and texttops.c to check for too large or negative page metrics. Based on Debian patch by Martin Pitt. - STR #2919 - CVE-2008-3640 * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to arbitrary code execution - debian/patches/80_CVE-2008-3641.dpatch: adjust hpgl-attr.c to properly check for an invalid number of pens. Also includes fix for regression in original upstream patch which changed the color mapping and an off-by-one loop error. Taken from Debian patch by Martin Pitt. - STR #2911 - STR #2966 - CVE-2008-3641 * debian/patches/00list: apply 77_CVE-2008-1722.dpatch from previous update, which was not applied -- Jamie Strandboge <email address hidden> Tue, 14 Oct 2008 14:08:29 -0500
cupsys (1.2.8-0ubuntu8.6) feisty-security; urgency=low * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in the SGI filter - debian/patches/105_CVE-2008-3639.dpatch: adjust filter/image-sgilib.c to properly check for xsize. Taken from Debian patch by Martin Pitt. - STR #2918 - CVE-2008-3639 * SECURITY UPDATE: integer overflow in texttops filter which could lead to heap-based overflow - debian/patches/106_CVE-2008-3640.dpatch: adjust textcommon.c and texttops.c to check for too large or negative page metrics. Based on Debian patch by Martin Pitt. - STR #2919 - CVE-2008-3640 * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to arbitrary code execution - debian/patches/107_CVE-2008-3641.dpatch: adjust hpgl-attr.c to properly check for an invalid number of pens. Also includes fix for regression in original upstream patch which changed the color mapping and an off-by-one loop error. Taken from Debian patch by Martin Pitt. - STR #2911 - STR #2966 - CVE-2008-3641 -- Jamie Strandboge <email address hidden> Tue, 14 Oct 2008 14:02:18 -0500
cupsys (1.3.2-1ubuntu7.7) gutsy-security; urgency=low * SECURITY UPDATE: Denial of service and possibly arbitrary code execution * debian/patches/77_CVE-2008-1722.dpatch: fix for two integer overflows in filter/image-png.c. Taken from Debian SVN Head. * References CVE-2008-1722 LP: #219491 http://www.cups.org/str.php?L2790 -- Jamie Strandboge <email address hidden> Wed, 23 Apr 2008 12:59:45 -0400
cupsys (1.2.8-0ubuntu8.4) feisty-security; urgency=low * SECURITY UPDATE: Denial of service and possibly arbitrary code execution * debian/patches/104_CVE-2008-1722.dpatch: fix for two integer overflows in filter/image-png.c. Taken from Debian SVN Head. * References CVE-2008-1722 LP: #219491 http://www.cups.org/str.php?L2790 -- Jamie Strandboge <email address hidden> Thu, 24 Apr 2008 12:55:20 -0400
cupsys (1.2.2-0ubuntu0.6.06.9) dapper-security; urgency=low * SECURITY UPDATE: Denial of service and possibly arbitrary code execution * debian/patches/77_CVE-2008-1722.dpatch: fix for two integer overflows in filter/image-png.c. Taken from Debian SVN Head. * References CVE-2008-1722 LP: #219491 http://www.cups.org/str.php?L2790 -- Jamie Strandboge <email address hidden> Thu, 24 Apr 2008 13:02:31 -0400
cupsys (1.3.7-5) unstable; urgency=low * debian/cupsys-bsd.install: Remove daemon/cups-lpd. It really does not belong in -bsd. * debian/control: Add appropriate Conflicts/Replaces to older cupsys-bsd which shipped daemon/cups-lpd. (Closes: #477392)
cupsys (1.3.7-1ubuntu3) hardy; urgency=low * Add debian/patches/CVE-2008-1722.dpatch: Two integer overflows in png image filter allow a denial of service attack and possibly arbitrary code execution. [STR #2790, CVE-2008-1722]. Taken from Debian SVN head. -- Martin Pitt <email address hidden> Mon, 21 Apr 2008 17:54:33 +0200
cupsys (1.3.7-1ubuntu2) hardy; urgency=low * debian/control: Add missing build dependency lsb-release. This will bring back the lost AppArmor profile. (LP: #211375) Also wrap long fields, so that they are easier to edit. -- Martin Pitt <email address hidden> Sun, 06 Apr 2008 10:24:39 -0600
cupsys (1.3.2-1ubuntu7.6) gutsy-security; urgency=low * debian/patches/72_CVE-2008-0047.dpatch: Fix buffer overflow in cgiCompileSearch() using crafted search expressions. Exploitable if printer sharing is enabled. Thanks to Martin Pitt for supplying the patch. * debian/patches/73_CVE-2008-0882.dpatch: Fix double-free in process_browse_data(), which could be exploited to a remote DoS by sending crafted data to the cups UDP port. Thanks to Martin Pitt for supplying the patch. * debian/patches/74_pid.dpatch: Specify PidFile in temporary directory in the self test's cupsd.conf. This affects the test suite (in the sense that it actually works now) and does not affect the built binaries at all. (Backported from trunk). Thanks to Martin Pitt for supplying the patch. * debian/patches/75_CVE-2008-0053.dpatch: Fix buffer overflows in ParseCommand() in hpgl-input.c by properly checking number of parameters * debian/patches/76_CVE-2008-1373.dpatch: Fix buffer overflow in gif_read_image() in image-gif.c by properly validating code_size * References CVE-2008-0047 CVE-2008-0882 CVE-2008-0053 CVE-2008-1373 http://www.cups.org/str.php?L2729 http://www.cups.org/str.php?L2656 -- Jamie Strandboge <email address hidden> Wed, 26 Mar 2008 10:56:23 -0400
cupsys (1.2.8-0ubuntu8.3) feisty-security; urgency=low * debian/patches/99_CVE-2008-0047.dpatch: Fix buffer overflow in cgiCompileSearch() using crafted search expressions. Exploitable if printer sharing is enabled. Thanks to Martin Pitt for supplying the patch. * debian/patches/100_CVE-2008-0882.dpatch: Fix double-free in process_browse_data(), which could be exploited to a remote DoS by sending crafted data to the cups UDP port. Thanks to Martin Pitt for supplying the patch. * debian/patches/101_pid.dpatch: Specify PidFile in temporary directory in the self test's cupsd.conf. This affects the test suite (in the sense that it actually works now) and does not affect the built binaries at all. (Backported from trunk). Thanks to Martin Pitt for supplying the patch. * debian/patches/102_CVE-2008-0053.dpatch: Fix buffer overflows in ParseCommand() in hpgl-input.c by properly checking number of parameters * debian/patches/103_CVE-2008-1373.dpatch: Fix buffer overflow in gif_read_image() in image-gif.c by properly validating code_size * References CVE-2008-0047 CVE-2008-0882 CVE-2008-0053 CVE-2008-1373 http://www.cups.org/str.php?L2729 http://www.cups.org/str.php?L2656 -- Jamie Strandboge <email address hidden> Wed, 26 Mar 2008 13:59:53 -0400
cupsys (1.2.4-2ubuntu3.3) edgy-security; urgency=low * debian/patches/72_CVE-2008-0047.dpatch: Fix buffer overflow in cgiCompileSearch() using crafted search expressions. Exploitable if printer sharing is enabled. Thanks to Martin Pitt for supplying the patch. * debian/patches/73_CVE-2008-0882.dpatch: Fix double-free in process_browse_data(), which could be exploited to a remote DoS by sending crafted data to the cups UDP port. Thanks to Martin Pitt for supplying the patch. * debian/patches/74_pid.dpatch: Specify PidFile in temporary directory in the self test's cupsd.conf. This affects the test suite (in the sense that it actually works now) and does not affect the built binaries at all. (Backported from trunk). Thanks to Martin Pitt for supplying the patch. * debian/patches/75_CVE-2008-0053.dpatch: Fix buffer overflows in ParseCommand() in hpgl-input.c by properly checking number of parameters * debian/patches/76_CVE-2008-1373.dpatch: Fix buffer overflow in gif_read_image() in image-gif.c by properly validating code_size * References CVE-2008-0047 CVE-2008-0882 CVE-2008-0053 CVE-2008-1373 http://www.cups.org/str.php?L2729 http://www.cups.org/str.php?L2656 -- Jamie Strandboge <email address hidden> Wed, 26 Mar 2008 14:13:26 -0400
cupsys (1.2.2-0ubuntu0.6.06.8) dapper-security; urgency=low * debian/patches/72_CVE-2008-0047.dpatch: Fix buffer overflow in cgiCompileSearch() using crafted search expressions. Exploitable if printer sharing is enabled. Thanks to Martin Pitt for supplying the patch. * debian/patches/73_CVE-2008-0882.dpatch: Fix double-free in process_browse_data(), which could be exploited to a remote DoS by sending crafted data to the cups UDP port. Thanks to Martin Pitt for supplying the patch. * debian/patches/74_pid.dpatch: Specify PidFile in temporary directory in the self test's cupsd.conf. This affects the test suite (in the sense that it actually works now) and does not affect the built binaries at all. (Backported from trunk). Thanks to Martin Pitt for supplying the patch. * debian/patches/75_CVE-2008-0053.dpatch: Fix buffer overflows in ParseCommand() in hpgl-input.c by properly checking number of parameters * debian/patches/76_CVE-2008-1373.dpatch: Fix buffer overflow in gif_read_image() in image-gif.c by properly validating code_size * References CVE-2008-0047 CVE-2008-0882 CVE-2008-0053 CVE-2008-1373 http://www.cups.org/str.php?L2729 http://www.cups.org/str.php?L2656 -- Jamie Strandboge <email address hidden> Wed, 26 Mar 2008 15:02:55 -0400
cupsys (1.3.7-1ubuntu1) hardy; urgency=low * Merge new upstream bug fix release from unstable. - Fixes CUPS GIF image filter overflow [CVE-2008-1373]. (LP: #210718)
cupsys (1.3.6-3ubuntu1) hardy; urgency=low * Merge recent bug fixes and security fix from Debian unstable.
cupsys (1.3.6-2ubuntu2) hardy; urgency=low * debian/cupsys.postinst: Fix 'revert to single file' transitional code to also apply to newer versions in dapper-updates, remove a debugging statement, and fix syntax of the check. * debian/rules: Do not try to build a -dbg on Ubuntu, we removed it from the control file. -- Martin Pitt <email address hidden> Mon, 17 Mar 2008 17:01:32 +0100
cupsys (1.3.6-2ubuntu1) hardy; urgency=low * Merge with Debian unstable, where I applied most of our remaining Delta; Remaining Ubuntu changes: - debian/cupsys.{pre,post}inst, debian/cupsys.preinst: + Revert to single cupsd.conf file for upgrade from Dapper, can be dropped after releasing Hardy. + Revert usr/share/doc symlink/directory breakage for upgrade from Gutsy, can be dropped after releasing Hardy. - debian/control, debian/rules: Drop cupsys-dbg package. This is not worth keeping as the only delta, so we can sync this package after Hardy's release.
cupsys (1.3.6-1ubuntu2) hardy; urgency=low * debian/cupsys.preinst: - only chown /var/run/cups if it exists (LP: #156634) -- Michael Vogt <email address hidden> Mon, 10 Mar 2008 11:25:29 +0100
cupsys (1.3.6-1ubuntu1) hardy; urgency=low * Merge with Debian unstable to bring in the new upstream bugfix-only release and some packaging fixes. See 1.3.5-1ubuntu1 for list of remaining changes.
cupsys (1.3.5-2ubuntu1) hardy; urgency=low * debian/local/apparmor-profile: Added Kerberos authentication support to the AppArmor profile (LP: #189022).
cupsys (1.3.5-1ubuntu3) hardy; urgency=low [ Martin Pitt ] * debian/cupsys.init.d: Add Should-Start: avahi. (LP: #181122) [ Till Kamppeter ] * debian/local/backends/dnssd: Updated dnssd to filter out IPv6 entries, as they clutter the lists of detected printers and make the network printer discovery process take more time than needed. Applied also a bug fix and the possibility of querying one IP address by calling the dnssd backend with the IP as command line argument (like the snmp CUPS backend). -- Till Kamppeter <email address hidden> Tue, 29 Jan 2008 19:01:06 +0000
cupsys (1.3.5-1ubuntu2) hardy; urgency=low * No-change rebuild against libldap-2.4-2. -- Steve Langasek <email address hidden> Tue, 22 Jan 2008 16:52:31 +0000
cupsys (1.3.2-1ubuntu7.5) gutsy-proposed; urgency=low * Add debian/patches/fix_regression_reactivate_net_ifaces_changes_detection.dpatch: Fix a regression in upstream code that has removed the network interface update poll, which caused sharing of local printers to not work for interfaces which turned up after cups startup. (CUPS STR #2631, LP: #177075).
cupsys (1.2.2-0ubuntu0.6.06.7) dapper-proposed; urgency=low * Reapply pending SRU which got superseded in -security. * Add debian/patches/60_ipp_read_busy_loop.dpatch: - Fix logic error that causes IPP client programs like gnome-cups-icon to sometimes get into a state where it uses 100% CPU time. - Properly handle ippReadIO() encountering IPP_IDLE and make sure to never return this to the outside world, since it is interpreted as an error condition which causes a busy loop. - Error out if the read callback doesn't return a value/group tag, which would confuse the higher layers. - Patch backported from upstream SVN (fixed in 1.2.11). - LP: #44196 -- Martin Pitt <email address hidden> Wed, 09 Jan 2008 09:14:42 +0100
cupsys (1.3.2-1ubuntu7.4) gutsy-proposed; urgency=low [ Martin Pitt ] * debian/local/apparmor-profile: Reapply changes of previous SRU which got superseded by a security update: - Allow rw access to /dev/parport* and ro access to /proc/sys/dev/parport/**, so that parallel port printer detection works. - Allow bluetooth socket creation to unbreak the bluetooth backend. (LP: #147800) - Permit reading /etc/pnm2ppa.conf. (LP: #155530) - Only restrict backends which are shipped by cupsys itself (or known packages like cups-pdf). All other backends remain unrestricted, since we cannot predict which privileges they need. (LP: #152537) [ Till Kamppeter ] * debian/patches/cups-stops-broadcasting-on-HUP-with-explicit-BrowseAddress.dpatch: - CUPS stopped broadcasting on a HUP signal when using a fixed BrowseAddress (CUPS STR #2618, LP: #173470). -- Martin Pitt <email address hidden> Wed, 09 Jan 2008 09:03:49 +0100
cupsys (1.2.8-0ubuntu8.2) feisty-security; urgency=low * SECURITY UPDATE: tempfile race, denial of service in SNMP backend. * Add 70_CVE-2007-6358.dpatch, 71_CVE-2007-5849.dpatch: upstream fixes thanks to Kenshi Muto. * References CVE-2007-6358 CVE-2007-5849 -- Kees Cook <email address hidden> Mon, 07 Jan 2008 16:08:28 -0800
cupsys (1.2.4-2ubuntu3.2) edgy-security; urgency=low * SECURITY UPDATE: tempfile race, denial of service in SNMP backend. * Add 70_CVE-2007-6358.dpatch, 71_CVE-2007-5849.dpatch: upstream fixes thanks to Kenshi Muto. * References CVE-2007-6358 CVE-2007-5849 -- Kees Cook <email address hidden> Mon, 07 Jan 2008 16:08:28 -0800
cupsys (1.3.2-1ubuntu7.3) gutsy-security; urgency=low * SECURITY UPDATE: tempfile race, denial of service in SNMP backend. * Add 70_CVE-2007-6358.dpatch, 71_CVE-2007-5849.dpatch: upstream fixes thanks to Kenshi Muto. * References CVE-2007-6358 CVE-2007-5849 -- Kees Cook <email address hidden> Mon, 07 Jan 2008 16:08:28 -0800
cupsys (1.2.2-0ubuntu0.6.06.6) dapper-security; urgency=low * SECURITY UPDATE: tempfile race, denial of service in SNMP backend. * Add 70_CVE-2007-6358.dpatch, 71_CVE-2007-5849.dpatch: upstream fixes thanks to Kenshi Muto. * References CVE-2007-6358 CVE-2007-5849 -- Kees Cook <email address hidden> Mon, 07 Jan 2008 16:08:28 -0800
cupsys (1.3.5-1ubuntu1) hardy; urgency=low * Merge with Debian unstable; remaining Ubuntu changes: - TearDown (fast shutdown): + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency. + debian/rules: Use 'multiuser' update-rc.d mode. - debian/control, debian/rules: Drop cupsys-dbg package. - debian/cupsys.{pre,post}inst, debian/cupsys.preinst: Various upgrade fixes that need to be kept until after the next LTS: + Revert to single cupsd.conf file. + Remove obsolete rc.d links. + Revert usr/share/doc symlink/directory breakage. - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a failed job instead of stopping the print queue. - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by default. - Add AppArmor profile: + debian/local/apparmor-profile + debian/cupsys.postinst: Reload AA profile on configuration.
cupsys (1.3.4-2ubuntu3) hardy; urgency=low * debian/patches/cups-stops-broadcasting-on-HUP-with-explicit-BrowseAddress.dpatch: CUPS stopped broadcasting on a HUP signal when using a fixed BrowseAddress (CUPS STR #2618, LP: #173470). -- Till Kamppeter <email address hidden> Mon, 10 Dec 2007 0:01:06 +0000
cupsys (1.3.4-2ubuntu2) hardy; urgency=low [ Martin Pitt ] * debian/local/apparmor-profile: Run drivers (PPD generators) unconfined, since they run as non-root and there are third-party ones we cannot control. [ Till Kamppeter ] * debian/local/backends/dnssd: Updated dnssd to support Mac OS X servers which broadcast their print queues only via DNS-SD and require clients to create raw IPP queues pointing to the server's queues manually. -- Martin Pitt <email address hidden> Mon, 03 Dec 2007 11:22:57 +0100
cupsys (1.3.2-1ubuntu7.2) gutsy-proposed; urgency=low * debian/local/apparmor-profile: - Allow rw access to /dev/parport* and ro access to /proc/sys/dev/parport/**, so that parallel port printer detection works. - Allow bluetooth socket creation to unbreak the bluetooth backend. (LP: #147800) - Permit reading /etc/pnm2ppa.conf. (LP: #155530) - Only restrict backends which are shipped by cupsys itself (or known packages like cups-pdf). All other backends remain unrestricted, since we cannot predict which privileges they need. (LP: #152537) -- Martin Pitt <email address hidden> Mon, 03 Dec 2007 10:07:09 +0100
cupsys (1.3.4-2ubuntu1) hardy; urgency=low * Merge with Debian unstable. Remaining Ubuntu changes: - TearDown (fast shutdown): + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency. + debian/rules: Use 'multiuser' update-rc.d mode. - debian/control, debian/rules: Drop cupsys-dbg package. - debian/cupsys.{pre,post}inst, debian/cupsys.preinst: Various upgrade fixes that need to be kept until after the next LTS: + Revert to single cupsd.conf file. + Remove obsolete rc.d links. + Revert usr/share/doc symlink/directory breakage. - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a failed job instead of stopping the print queue. - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by default. - Add AppArmor profile: + debian/local/apparmor-profile + debian/cupsys.postinst: Reload AA profile on configuration. * Revert most of the doc symlinking changes from 1.3.2-1ubuntu4, since Ubuntu's cdbs does it by default now. Clean up a few other pieces of Debian-Ubuntu delta noise along the way. * debian/local/apparmor-profile: Only restrict backends which are shipped by cupsys itself (or known packages like cups-pdf). All other backends remain unrestricted, since we cannot predict which privileges they need. * debian/local/apparmor-profile: Run bluetooth backend confined again and allow opening bluetooth sockets.
Superseded in hardy-release
cupsys (1.3.4-1ubuntu4) hardy; urgency=low * correct Replaces line in cupsys-common to make dapper->hardy upgrades work -- Michael Vogt <email address hidden> Fri, 30 Nov 2007 11:28:44 +0100
Superseded in hardy-release
cupsys (1.3.4-1ubuntu3) hardy; urgency=low * debian/local/apparmor-profile: - Allow rw access to /dev/parport* and ro access to /proc/sys/dev/parport/**, so that parallel port printer detection works. - Allow unconfined execution of the bluetooth backend. AppArmor currently forbids creation of bluetooth sockets without providing a profile option to allow it (see bug #172534). (LP: #147800) - Permit reading /etc/pnm2ppa.conf. (LP: #155530) - Disable AA profile for Samsung's MFP driver, since it needs very high and unknown privileges and is a third-party driver which we cannot control. (LP: #152537) -- Martin Pitt <email address hidden> Wed, 28 Nov 2007 12:05:30 +0100
Superseded in hardy-release
cupsys (1.3.4-1ubuntu2) hardy; urgency=low * debian/local/backends/dnssd, debian/rules, debian/cupsys.install, debian/cupsys.postinst, debian/cupsys.prerm, debian/cupsys.templates, debian/control: Added printer discovery backend "dnssd". Several cheaper printers, like the HP Color LaserJet 2600n, are not discovered by the "snmp" backend. In addition, this backend extracts more info from the printers than the "snmp" backend, like for example available page description languages. This leads to better driver choices for unknown printer models. -- Till Kamppeter <email address hidden> Fri, 23 Nov 2007 12:01:06 +0000
Superseded in dapper-proposed
cupsys (1.2.2-0ubuntu0.6.06.5) dapper-proposed; urgency=low * Add debian/patches/60_ipp_read_busy_loop.dpatch: - Fix logic error that causes IPP client programs like gnome-cups-icon to sometimes get into a state where it uses 100% CPU time. - Properly handle ippReadIO() encountering IPP_IDLE and make sure to never return this to the outside world, since it is interpreted as an error condition which causes a busy loop. - Error out if the read callback doesn't return a value/group tag, which would confuse the higher layers. - Patch backported from upstream SVN (fixed in 1.2.11). - LP: #44196 -- Martin Pitt <email address hidden> Tue, 20 Nov 2007 10:08:30 +0100
Superseded in hardy-release
cupsys (1.3.4-1ubuntu1) hardy; urgency=low * Merge new upstream version from Debian.
cupsys (1.3.2-1ubuntu7.1) gutsy-security; urgency=low * SECURITY UPDATE: arbitrary code execution via stack overflow. * Add debian/patches/ipptags-corruption-fix.dpatch: upstream fixes from Michael Sweet. * References CVE-2007-4351 -- Kees Cook <email address hidden> Thu, 01 Nov 2007 06:52:01 -0700
cupsys (1.2.8-0ubuntu8.1) feisty-security; urgency=low * SECURITY UPDATE: arbitrary code execution via stack overflow. * Add debian/patches/ipptags-corruption-fix.dpatch: upstream fixes from Michael Sweet. * References CVE-2007-4351 -- Kees Cook <email address hidden> Thu, 01 Nov 2007 06:52:01 -0700
cupsys (1.2.4-2ubuntu3.1) edgy-security; urgency=low * SECURITY UPDATE: arbitrary code execution via stack overflow. * Add debian/patches/ipptags-corruption-fix.dpatch: upstream fixes from Michael Sweet. * References CVE-2007-4351 -- Kees Cook <email address hidden> Thu, 01 Nov 2007 06:52:01 -0700
cupsys (1.2.2-0ubuntu0.6.06.4) dapper-security; urgency=low * SECURITY UPDATE: arbitrary code execution via stack overflow. * Add debian/patches/ipptags-corruption-fix.dpatch: upstream fixes from Michael Sweet. * References CVE-2007-4351 -- Kees Cook <email address hidden> Thu, 01 Nov 2007 06:52:01 -0700
Superseded in hardy-release
cupsys (1.3.2-1ubuntu8) hardy; urgency=low * SECURITY UPDATE: arbitrary code execution via stack overflow. * Add debian/patches/ipptags-corruption-fix.dpatch: upstream fixes from Michael Sweet. * References CVE-2007-4351 -- Kees Cook <email address hidden> Thu, 01 Nov 2007 06:52:01 -0700
cupsys (1.3.2-1ubuntu7) gutsy; urgency=low * debian/cupsys.postinst: Drop ancient transitional code to remove root from group lpadmin. Under very odd circumstances ("root" has the same UID as the user) this could cause the user to be removed from group 'lpadmin'. Quite unlikely that this is the prime reason for LP #134503, but it's much cleaner in any case. -- Martin Pitt <email address hidden> Mon, 15 Oct 2007 12:32:16 +0200
Superseded in gutsy-release
cupsys (1.3.2-1ubuntu6) gutsy; urgency=low * debian/local/apparmor-profile: Allow 'm' (executable mmapping) of /etc/shadow. This does not actually extend privileges since it is already readable, and does not actually make sense, but some weird backends want to do it nevertheless. (LP: #152061) -- Martin Pitt <email address hidden> Sun, 14 Oct 2007 22:01:31 +0200
Superseded in gutsy-release
cupsys (1.3.2-1ubuntu5) gutsy; urgency=low * Revert previous approach to symlinking of documentation directories, and do it in a way that's more in line with the existing code in debian/rules. * debian/cupsys.docs: Remove duplicate files (LP: #149106). * Make libcupsys2 replace the broken version of cupsys to help out people who used dpkg --force-overwrite wrongly. * Fix dh_compress arguments to cope with moved examples. * debian/cupsys.preinst, debian/cupsys-common.preinst: Remove old directories before unpack, since dpkg won't replace directories with symlinks. -- Colin Watson <email address hidden> Fri, 05 Oct 2007 02:46:34 +0100
Superseded in gutsy-release
cupsys (1.3.2-1ubuntu4) gutsy; urgency=low * cupsys-common: Depend on libcupsys2. * Symlink doc directories to avoid duplicate files. -- Matthias Klose <email address hidden> Thu, 04 Oct 2007 17:45:31 +0200
Superseded in gutsy-release
cupsys (1.3.2-1ubuntu3) gutsy; urgency=low * No-change upload of 1ubuntu1, to revert the 1ubuntu2 upload which should never have happened. -- Martin Pitt <email address hidden> Thu, 04 Oct 2007 13:42:28 +0200
Superseded in gutsy-release
cupsys (1.3.2-1ubuntu2) gutsy; urgency=low * debian/local/apparmor-profile: Allow cups-pdf to write into ~/Desktop so that ~/Desktop can be used as default destination for the PDFs created by cups-pdf. The old destination ~/PDF is still allowed to simplify package updates. -- Till Kamppeter <email address hidden> Wed, 4 Oct 2007 17:01:06 +0100
Superseded in gutsy-release
cupsys (1.3.2-1ubuntu1) gutsy; urgency=low * Merge from Debian to get new upstream bug fix microrelease. (LP: #140877) * Removed debian/patches/fix_auto_rotate_images.dpatch: Fixed upstream (although slightly differently). * debian/local/apparmor-profile: Allow 'm' access to /etc/{passwd,group}. Apparently some backends want it that way. (part of LP #139665) * debian/local/apparmor-profile: Add forgotten /usr/lib/cups/cgi-bin/* rule to unbreak the web interface (regression from 1.3.0-4ubuntu2).
Superseded in gutsy-release
cupsys (1.3.0-4ubuntu4) gutsy; urgency=low [ Martin Pitt ] * debian/local/apparmor-profile: Allow cups-pdf to read /etc/papersize. [ Till Kamppeter ] * debian/patches/fix_auto_rotate_images.dpatch: Fix auto-rotation for best fit of images on the paper (CUPS STRs #2502 and #2513). -- Martin Pitt <email address hidden> Wed, 12 Sep 2007 19:06:02 +0200
Superseded in gutsy-release
cupsys (1.3.0-4ubuntu3) gutsy; urgency=low * debian/local/apparmor-profile: Use abstraction tunable variables for /proc and /home. -- Kees Cook <email address hidden> Wed, 12 Sep 2007 22:07:50 -0700
Superseded in gutsy-release
cupsys (1.3.0-4ubuntu2) gutsy; urgency=low * debian/local/apparmor-profile: #139105 was not a bug after all, but rather a misunderstood concept of AppArmor. Change the profile to allow unrestricted execution of filters, which are always run as unprivileged system user anyway. This should unbreak most third-party printer drivers. -- Martin Pitt <email address hidden> Wed, 12 Sep 2007 19:02:43 +0200