Univention Bugzilla – Full Text Bug Listing |
Summary: | cups: Multiple issues (4.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-4-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 7.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) | ||
Bug Depends on: | |||
Bug Blocks: | 48437 |
Description
Quality Assurance
2018-08-10 17:52:12 CEST
--- mirror/ftp/4.2/unmaintained/4.2-4/source/cups_1.7.5-11+deb8u2A~4.2.4.201805071556.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/cups_1.7.5-11+deb8u4A~4.2.4.201808101752.dsc @@ -1,4 +1,4 @@ -1.7.5-11+deb8u2A~4.2.4.201805071556 [Mon, 07 May 2018 15:56:46 +0200] Univention builddaemon <buildd@univention.de>: +1.7.5-11+deb8u4A~4.2.4.201808101752 [Fri, 10 Aug 2018 17:52:31 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 00-autostart-setting @@ -8,6 +8,20 @@ 11_cups-disable-test 15_postponed-univention-lpadmin-systemd +1.7.5-11+deb8u4 [Fri, 13 Jul 2018 13:05:13 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Non-maintainer upload by the LTS team. + * CVE-2018-4180: Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN) + CVE-2018-4181: Limited Local File Reads as Root via cupsd.conf Include Directive + - Backported patch taken from Ubuntu. + * CVE-2018-6553: Fix AppArmor cupsd sandbox bypass due to use of hard links + +1.7.5-11+deb8u3 [Thu, 07 Jun 2018 09:23:48 -0400] Antoine Beaupré <anarcat@debian.org>: + + * Non-maintainer upload by the Security Team. + * CVE-2017-18190: fix remote code execution through DNS rebinding + * CVE-2017-18248: fix remote crash through invalid username + 1.7.5-11+deb8u2 [Fri, 21 Jul 2017 14:09:44 +0200] Didier Raboud <odyx@debian.org>: * Disable SSLv3 and RC4 by default to address POODLE vulnerability <http://10.200.17.11/4.2-4/#8662698088083549808> OK: yaml OK: errata-announce OK: patch OK: piuparts [4.2-4] a096720ee7 Bug #47570: cups 1.7.5-11+deb8u4A~4.2.4.201808101752 doc/errata/staging/cups.yaml | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) [4.2-4] 3009ee16dd Bug #47570: cups 1.7.5-11+deb8u4A~4.2.4.201808101752 doc/errata/staging/cups.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) |