Format: 1.7
Date: Thu, 08 Jan 2009 10:29:38 -0500
Source: cupsys
Binary: libcupsys2 libcupsimage2 cupsys cupsys-client libcupsys2-dev libcupsimage2-dev cupsys-bsd cupsys-common
Architecture: lpia_translations lpia
Version: 1.3.7-1ubuntu3.3
Distribution: hardy
Urgency: low
Maintainer: Ubuntu/lpia Build Daemon <buildd@zirconium.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 cupsys-common - Common UNIX Printing System(tm) - common files
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
Launchpad-Bugs-Fixed: 298241 298241
Changes: 
 cupsys (1.3.7-1ubuntu3.3) hardy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service by adding a large number of RSS
     subscriptions (LP: #298241)
     - debian/patches/CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions
       being reached in scheduler/{ipp.c,subscriptions.c}.
     - CVE-2008-5183
   * SECURITY UPDATE: unauthorized access to RSS subscription functions in
     web interface (LP: #298241)
     - debian/patches/CVE-2008-5184.dpatch: make sure user is authenticated
       in /cgi-bin/admin.c.
     - CVE-2008-5184
   * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG
     image with a large height value
     - This issue was introduced in the patch for CVE-2008-1722.
     - debian/patches/CVE-2008-1722.dpatch: adjust patch to multiply img->xsize
       instead of img->ysize so we don't overflow in filter/image-png.c.
     - CVE-2008-5286
   * SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack
     - debian/filters/pstopdf: use the cleaned-up version from Debian.
     - CVE-2008-5377
Files: 
 84ee0ef2d286215ef09a79c4f136aed8 757638 raw-translations - cupsys_1.3.7-1ubuntu3.3_lpia_translations.tar.gz
 dca1c947f9af44e5d4c6bc2c604aa371 173708 libs optional libcupsys2_1.3.7-1ubuntu3.3_lpia.deb
 1ba114f3487de2725c3704efbaf6a5c5 50860 libs optional libcupsimage2_1.3.7-1ubuntu3.3_lpia.deb
 715aafc333b7d070b516950843cdf664 1865256 net optional cupsys_1.3.7-1ubuntu3.3_lpia.deb
 998f5ae89f57c5a3874a2bec71f435af 88752 net optional cupsys-client_1.3.7-1ubuntu3.3_lpia.deb
 98f33df59e831f8213370b533c9a6f7b 337010 libdevel optional libcupsys2-dev_1.3.7-1ubuntu3.3_lpia.deb
 39aa25aae6614a78a0b3c29e30d464f9 60548 libdevel optional libcupsimage2-dev_1.3.7-1ubuntu3.3_lpia.deb
 3176e400d418ca744825919b30d1a248 36678 net extra cupsys-bsd_1.3.7-1ubuntu3.3_lpia.deb
Original-Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>