Univention Bugzilla – Bug 39401
cups: Multiple issues (3.2)
Last modified: 2017-02-20 20:49:09 CET
Two issues have been fixed in upstream Debian package version 1.4.4-7+squeeze10:
* cups-filters: texttopdf heap-based buffer overflow (CVE-2015-3258)
* integer overflow leading to a heap-based buffer overflow (CVE-2015-3279)
Patch from 1.4.4-7+squeeze9 to 1.4.4-7+squeeze10 extracted. Advisory: cups.yaml
Verified:
* The patches have been extracted correctly
* They have been applied successfully while building 1.4.4-7.97.201509291754
* Package update works
* Functional test according to Wiki test set successful
* Advisory OK; since 3.2-6 is out of maintenance, I removed it from the list
I just re-checked and found that the 41_CVE-2015-3258-CVE-2015-3279.dpatch is not applied during the "dpatch apply-all", see logs/ucs_3.2-0-0-errata3.2-7/cups_1.4.4-7.97.201509291754.log.bz2. I think the patch still needs to be added to the debian/patches/00list!
r65708 r15431
Ok, patch is applied now: applying patch CVE-2015-3258-CVE-2015-3279 to ./ ... ok. And the update & functional tests have still been successful. Advisory is up to date too.
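The failure discussed above (a .dpatch file present in debian/patches but missing from 00list, so "dpatch apply-all" skips it) can be caught before building. The following check is an added example, not part of this bug thread or of Univention's tooling; the function name, the demo tree and 01_example.dpatch are constructed, and it assumes a plain 00list with one patch name per line, '#' comments, and an optional .dpatch suffix.

```shell
#!/bin/sh
# Added example: report *.dpatch files that "dpatch apply-all" would skip
# because they are not listed in 00list.

# unlisted_dpatches DIR
# Prints the name (without .dpatch) of every patch file in DIR that has
# no matching entry in DIR/00list. Returns 2 if 00list is missing.
unlisted_dpatches() {
    dir=$1
    list=$dir/00list
    [ -f "$list" ] || { echo "no 00list in $dir" >&2; return 2; }
    for f in "$dir"/*.dpatch; do
        [ -e "$f" ] || continue            # directory holds no patches
        name=$(basename "$f" .dpatch)
        # Normalise 00list: drop '#' comments and whitespace, and strip the
        # optional .dpatch suffix so both spellings of an entry match.
        if ! sed -e 's/#.*//' -e 's/[[:space:]]//g' -e 's/\.dpatch$//' "$list" \
             | grep -Fxq -- "$name"; then
            echo "$name"
        fi
    done
}

# Constructed sample tree reproducing the situation from the comment above:
# the CVE patch file exists, but 00list only names another patch.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/debian/patches"
    : > "$d/debian/patches/01_example.dpatch"
    : > "$d/debian/patches/41_CVE-2015-3258-CVE-2015-3279.dpatch"
    printf '# constructed 00list\n01_example.dpatch\n' > "$d/debian/patches/00list"
    unlisted_dpatches "$d/debian/patches"
    rm -rf "$d"
}
demo
```

Run against a real source tree as `unlisted_dpatches debian/patches`; any output means a patch file exists that the build will not apply.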
<http://errata.software-univention.de/ucs/3.2/377.html>
*** Bug 35402 has been marked as a duplicate of this bug. ***