Univention Bugzilla – Bug 51697
cups: Multiple issues (4.4)
Last modified: 2020-07-29 16:50:33 CEST
New Debian cups 2.2.1-8+deb9u6A~4.4.5.202007221413 fixes: This update addresses the following issues: * cups (CVE-2019-8842) * heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c (CVE-2020-3898)
--- mirror/ftp/4.4/unmaintained/4.4-4/source/cups_2.2.1-8+deb9u5A~4.4.3.202002191052.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/cups_2.2.1-8+deb9u6A~4.4.5.202007221413.dsc @@ -1,4 +1,4 @@ -2.2.1-8+deb9u5A~4.4.3.202002191052 [Wed, 19 Feb 2020 10:53:06 +0100] Univention builddaemon <buildd@univention.de>: +2.2.1-8+deb9u6A~4.4.5.202007221413 [Wed, 22 Jul 2020 14:24:39 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 00-autostart-setting @@ -9,6 +9,14 @@ 15_postponed-univention-lpadmin-systemd 20_no-on-demand-systemd-service +2.2.1-8+deb9u6 [Mon, 27 Apr 2020 08:50:13 +0200] Didier Raboud <odyx@debian.org>: + + * Backport upstream security fixes: + - CVE-2020-3898: heap-buffer-overflow in libcups’s ppdFindOption() + function in ppd-mark.c + - CVE-2019-8842: The `ippReadIO` function may under-read an extension + field + 2.2.1-8+deb9u5 [Sun, 19 Jan 2020 09:53:03 +0100] Didier Raboud <odyx@debian.org>: * Backport upstream security fix: <http://10.200.17.11/4.4-5/#311382335253887192>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-5] 0d09b60fd4 Bug #51697: cups 2.2.1-8+deb9u6A~4.4.5.202007221413 doc/errata/staging/cups.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) [4.4-5] b718dd62d2 Bug #51697: cups 2.2.1-8+deb9u6A~4.4.5.202007221413 doc/errata/staging/cups.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x654>