Univention Bugzilla – Bug 50153
cups: Multiple issues (4.3)
Last modified: 2019-09-11 15:56:12 CEST
New Debian cups 2.2.1-8+deb9u4A~4.3.0.201909091536 fixes: This update addresses the following issues: * A buffer overflow issue was addressed with improved memory handling (CVE-2019-8675) * A buffer overflow issue was addressed with improved memory handling (CVE-2019-8696)
--- mirror/ftp/4.3/unmaintained/4.3-4/source/cups_2.2.1-8+deb9u3A~4.3.3.201902261122.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/cups_2.2.1-8+deb9u4A~4.3.0.201909091536.dsc @@ -1,13 +1,14 @@ -2.2.1-8+deb9u3A~4.3.3.201902261122 [Tue, 26 Feb 2019 11:41:42 +0100] Univention builddaemon <buildd@univention.de>: +2.2.1-8+deb9u4A~4.3.0.201909091536 [Mon, 09 Sep 2019 15:36:35 +0200] Univention builddaemon <buildd@univention.de>: - * UCS auto build. The following patches have been applied to the original source package - 00-autostart-setting - 01-do-not-set-auth-info-automatically - 02-execute-postponed-univention-lpadmin-cmds-in-init-script - 04_reload_smbd - 11_cups-disable-test - 15_postponed-univention-lpadmin-systemd - 20_no-on-demand-systemd-service + * UCS auto build. No patches were applied to the original source package + +2.2.1-8+deb9u4 [Wed, 21 Aug 2019 09:51:54 +0200] Didier Raboud <odyx@debian.org>: + + * Fix multiple security/disclosure issues (Closes: #934957) + - CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows + - Fixed IPP buffer overflow + - Fixed memory disclosure issue in the scheduler + - Fixed DoS issues in the scheduler 2.2.1-8+deb9u3 [Fri, 14 Dec 2018 13:58:47 +0100] Didier Raboud <odyx@debian.org>: <http://10.200.17.11/4.3-4/#8428496792160931795>
--- mirror/ftp/4.3/unmaintained/4.3-4/source/cups_2.2.1-8+deb9u3A~4.3.3.201902261122.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/cups_2.2.1-8+deb9u4A~4.3.0.201909100938.dsc @@ -1,4 +1,4 @@ -2.2.1-8+deb9u3A~4.3.3.201902261122 [Tue, 26 Feb 2019 11:41:42 +0100] Univention builddaemon <buildd@univention.de>: +2.2.1-8+deb9u4A~4.3.0.201909100938 [Tue, 10 Sep 2019 09:38:34 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 00-autostart-setting @@ -9,6 +9,14 @@ 15_postponed-univention-lpadmin-systemd 20_no-on-demand-systemd-service +2.2.1-8+deb9u4 [Wed, 21 Aug 2019 09:51:54 +0200] Didier Raboud <odyx@debian.org>: + + * Fix multiple security/disclosure issues (Closes: #934957) + - CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows + - Fixed IPP buffer overflow + - Fixed memory disclosure issue in the scheduler + - Fixed DoS issues in the scheduler + 2.2.1-8+deb9u3 [Fri, 14 Dec 2018 13:58:47 +0100] Didier Raboud <odyx@debian.org>: * Backport upstream fixes for: <http://10.200.17.11/4.3-4/#733253228738746358>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-4] 2b2e751cdf Bug #50153: cups 2.2.1-8+deb9u4A~4.3.0.201909100938 doc/errata/staging/cups.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.3-4] e83831386c Bug #50153: cups_2.2.1-8+deb9u4A~4.3.0.201909091536 doc/errata/staging/cups.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.3/572.html>