lp:ubuntu/gutsy-security/hplip

Created by James Westby on 2009-12-05 and last modified on 2009-12-05
Get this branch:
bzr branch lp:ubuntu/gutsy-security/hplip
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

42. By Ansgar Burchardt on 2008-12-18

debian/hplip.postinst: Removed code to correct permissions of .hplip
personal config in user's home directories (Ubuntu LP: #191299).

41. By Marc Deslauriers on 2008-11-20

* SECURITY UPDATE: privilege escalation using the hplip alert-mailing
  functionality.
  - debian/patches/91_SECURITY_CVE-2008-2940.dpatch: fix handle_event()
    in hpssd.py to validate device-uri parameter and disable
    handle_setalerts(). This fix alters hplip behaviour by preventing
    users from setting alerts and by moving alert configuration to a
    root-controlled /etc/hp/alerts.conf file.
  - CVE-2008-2940
* SECURITY UPDATE: denial of service in hpssd message parser.
  - debian/patches/92_SECURITY_CVE-2008-2941.dpatch: fix handle_event()
    in hpssd.py to correctly validate parameters.
  - CVE-2008-2941

40. By Marc Deslauriers on 2008-11-18

* SECURITY UPDATE: privilege escalation using the hplip alert-mailing
  functionality.
  - debian/patches/91_SECURITY_CVE-2008-2940.dpatch: fix handle_event()
    in hpssd.py to validate device-uri parameter and disable
    handle_setalerts(). This fix alters hplip behaviour by preventing
    users from setting alerts and by moving alert configuration to a
    root-controlled /etc/hp/alerts.conf file.
  - CVE-2008-2940
* SECURITY UPDATE: denial of service in hpssd message parser.
  - debian/patches/92_SECURITY_CVE-2008-2941.dpatch: fix handle_event()
    in hpssd.py to correctly validate parameters.
  - CVE-2008-2941

39. By Kees Cook on 2007-10-11

* SECURITY UPDATE: arbitrary command execution via network
* Add debian/patches/90_subprocess_replacement: use subprocess instead.
* References
  https://launchpad.net/bugs/149121
  CVE-2007-5208

38. By Till Kamppeter on 2007-10-04

debian/55-hpmud.rules: Changed UDEV rules to set owner "lp",
group "scanner", and permissions 0660 for the /dev/... files, so
that non-privileged users (not in "lp" group, but in "scanner"
group) can also access the HP printers. Simply using 0666
permissions is a security problem (LP: #147369).

37. By Till Kamppeter on 2007-10-03

debian/rules, debian/55-hpmud.rules:
Updated UDEV rules for HPLIP to the ones of HPLIP 2.7.9. The current
rules do not work any more (LP: #147369)

36. By Till Kamppeter on 2007-09-05

debian/control, debian/hplip.install, debian/hplip-gui.install,
debian/rules:
Moved menu entries for the GUI utilities into the new hplip-gui package.
This package requires python-qt3 and so the menu entries can never appear
if python-qt3 is not installed. Let the main package (hplip) recommend
hplip-gui instead of python-qt3 now. Fixes: LP: #67892, LP: #86893,
LP: #134480, LP: #137168

35. By Till Kamppeter on 2007-08-22

* Modified upstream source tarball: Firmware files for HP LaserJet 1018
  and 1020 removed on HP's request
* debian/control, debian/rules, debian/hplip-data.install,
  debian/hplip-firmware.install: Removed hplip-firmware binary package.
* debian/README.Source: Updated packaging documentation
* debian/hpijs.README.Debian, debian/hpijs.NEWS, debian/hpijs-ppds.NEWS,
  debian/hpijs.1, debian/control: linuxprinting.org -> openprinting.org

34. By Till Kamppeter on 2007-08-17

* debian/hplip.install: Added missing line "usr/lib/lib*.so.*" (LP: #132670,
  LP: #132781)
* debian/hplip.preinst: Remove init scripts of former 1.x HPLIP versions
* debian/hplip.default: Removed, as we do not have permanently running
  daemons any more.
* debian/hplip.rtupdate, debian/rules, debian/hplip.install: Removed update
  helper, as we do not have permanently running daemons any more.

33. By Till Kamppeter on 2007-08-13

debian/control: Added "automake" and "libtool" to "Build-Depends"

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/hplip
This branch contains Public information 
Everyone can see this information.

Subscribers