Univention Bugzilla – Bug 50133
cups: Multiple issues (4.4)
Last modified: 2019-09-11 15:25:32 CEST
New Debian cups 2.2.1-8+deb9u4A~4.4.1.201909091134 fixes: This update addresses the following issues: * cups (CVE-2019-8675) * cups (CVE-2019-8696)
--- mirror/ftp/4.4/unmaintained/4.4-0/source/cups_2.2.1-8+deb9u3A~4.3.3.201902261122.dsc +++ apt/ucs_4.4-0-errata4.4-1/source/cups_2.2.1-8+deb9u4A~4.4.1.201909091134.dsc @@ -1,13 +1,14 @@ -2.2.1-8+deb9u3A~4.3.3.201902261122 [Tue, 26 Feb 2019 11:41:42 +0100] Univention builddaemon <buildd@univention.de>: +2.2.1-8+deb9u4A~4.4.1.201909091134 [Mon, 09 Sep 2019 14:01:21 +0200] Univention builddaemon <buildd@univention.de>: - * UCS auto build. The following patches have been applied to the original source package - 00-autostart-setting - 01-do-not-set-auth-info-automatically - 02-execute-postponed-univention-lpadmin-cmds-in-init-script - 04_reload_smbd - 11_cups-disable-test - 15_postponed-univention-lpadmin-systemd - 20_no-on-demand-systemd-service + * UCS auto build. No patches were applied to the original source package + +2.2.1-8+deb9u4 [Wed, 21 Aug 2019 09:51:54 +0200] Didier Raboud <odyx@debian.org>: + + * Fix multiple security/disclosure issues (Closes: #934957) + - CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows + - Fixed IPP buffer overflow + - Fixed memory disclosure issue in the scheduler + - Fixed DoS issues in the scheduler 2.2.1-8+deb9u3 [Fri, 14 Dec 2018 13:58:47 +0100] Didier Raboud <odyx@debian.org>: <http://10.200.17.11/4.4-1/#1147083580476752527>
--- mirror/ftp/4.4/unmaintained/4.4-0/source/cups_2.2.1-8+deb9u3A~4.3.3.201902261122.dsc +++ apt/ucs_4.4-0-errata4.4-1/source/cups_2.2.1-8+deb9u4A~4.4.0.201909100952.dsc @@ -1,4 +1,4 @@ -2.2.1-8+deb9u3A~4.3.3.201902261122 [Tue, 26 Feb 2019 11:41:42 +0100] Univention builddaemon <buildd@univention.de>: +2.2.1-8+deb9u4A~4.4.0.201909100952 [Tue, 10 Sep 2019 09:52:22 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 00-autostart-setting @@ -9,6 +9,14 @@ 15_postponed-univention-lpadmin-systemd 20_no-on-demand-systemd-service +2.2.1-8+deb9u4 [Wed, 21 Aug 2019 09:51:54 +0200] Didier Raboud <odyx@debian.org>: + + * Fix multiple security/disclosure issues (Closes: #934957) + - CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows + - Fixed IPP buffer overflow + - Fixed memory disclosure issue in the scheduler + - Fixed DoS issues in the scheduler + 2.2.1-8+deb9u3 [Fri, 14 Dec 2018 13:58:47 +0100] Didier Raboud <odyx@debian.org>: * Backport upstream fixes for: <http://10.200.17.11/4.4-1/#7190366054520753753>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-1] 0c4bcb4d61 Bug #50133: cups 2.2.1-8+deb9u4A~4.4.0.201909100952 doc/errata/staging/cups.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.4-1] 4ebb99d447 Bug #50133: cups 2.2.1-8+deb9u4A~4.4.1.20190909113 doc/errata/staging/cups.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) [4.4-1] 6d01118ff3 Bug #50133: cups 2.2.1-8+deb9u4A~4.4.1.20190909113 doc/errata/staging/cups.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<http://errata.software-univention.de/ucs/4.4/253.html>