lp:ubuntu/intrepid-security/cups
- Get this branch:
- bzr branch lp:ubuntu/intrepid-security/cups
Recent revisions
- 30. By Marc Deslauriers
  * SECURITY UPDATE: denial of service via use-after-free
    - debian/patches/CVE-2009-3553.dpatch: check fdptr->use and
      cupsd_inactive_fds in scheduler/select.c.
    - CVE-2009-3553
    - CVE-2010-0302
  * SECURITY UPDATE: privilege escalation via lppasswd tool
    - debian/patches/CVE-2010-0393.dpatch: don't allow environment
      variables to override directories in cups/globals.c and
      systemv/lppasswd.c.
    - CVE-2010-0393
- 29. By Marc Deslauriers
  * SECURITY UPDATE: XSS and CRLF injection in headers
    - debian/patches/CVE-2009-2820.dpatch: Introduce cgiClearVariables() in
      cgi-bin/{var.c,cgi.h}. Clear out variables in
      cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and
      clear out variables in cgi-bin/admin.c. Filter more characters in
      cgi-bin/template.c.
    - CVE-2009-2820
- 28. By Marc Deslauriers
  * SECURITY UPDATE: Remote denial-of-service via IPP_TAG_UNSUPPORTED tags.
    - debian/patches/CVE-2009-0949.dpatch: make sure the name field exists
      in scheduler/ipp.c.
    - CVE-2009-0949
- 27. By Jamie Strandboge
  * SECURITY UPDATE: fix integer overflow via large TIFF file
    - debian/patches/CVE-2009-0163.dpatch: adjust CUPS_IMAGE_MAX_HEIGHT in
      filter/image-private.h
    - CVE-2009-0163
- 26. By Marc Deslauriers
  * SECURITY UPDATE: denial of service by adding a large number of RSS
    subscriptions (LP: #298241)
    - debian/patches/CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions
      being reached in scheduler/{ipp.c,subscriptions.c}
    - CVE-2008-5183
  * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG
    image with a large height value
    - debian/patches/CVE-2008-5286.dpatch: multiply img->xsize instead of
      img->ysize so we don't overflow in filter/image-png.c.
    - CVE-2008-5286
- 25. By Till Kamppeter
  debian/local/filters/cpdftocps, debian/filters/pstopdf: Avoid duplicate
  execution of the number of copies. Sending a PostScript job to a
  non-PostScript printer produced n*n copies instead of n copies, also
  sending a non-PostScript job to a PostScript printer. A PostScript job
  sent to a PostScript printer could even produce n*n*n copies (LP: #286048).
- 24. By Martin Pitt
  * New upstream security/bug fix release:
    - The HP-GL/2 filter did not range check pen numbers. [CVE-2008-3641]
    - The SGI image file reader did not range check 16-bit run lengths.
      [CVE-2008-3639]
    - The text filter did not range check cpi, lpi, or column values.
      [CVE-2008-3640]
    - Fix incompatibility with Firefox 3.0 when using SSL.
    - Update the French admin.tmpl, to have the missing "Find new printer"
      button and the "Subscriptions" section. Thanks to Yves-Alexis Perez!
      (Closes: #475270)
    - Lots of other bug fixes, see http://www.cups.org/articles.php?L575.
  * Drop patches accepted upstream:
    - cupsfilter-path-typo.dpatch
    - pjl-display-ready-message.dpatch
    - dont-chown-symlinked-ssl.dpatch
  * Add hpgl-regression.dpatch: Revert the SP_select_pen() enumeration change
    introduced in STR #2911, because it changes the color mapping (e.g. "SP1"
    would now select a white pen instead of a black one, and "SP0" would not
    be valid at all any more). Also fix a remaining off-by-one loop. (STR
    #2966)
- 23. By Martin Pitt
  [ Till Kamppeter ]
  debian/filters/pstopdf,
  debian/local/filters/pdf-filters/filter/pdftoraster.cxx,
  debian/local/filters/pdf-filters/pdftopdf/*: Fixed paper
  size handling of pstopdf, pdftopdf, and pdftoraster which led SpliX
  to crash (LP: #261363, LP: #268510), fixed monochrome CUPS Raster
  output of pdftoraster which led to black pages being printed
  (LP: #269691).
- 22. By Till Kamppeter
  debian/filters/pstopdf: PostScript code for margins got inserted at every
  "%!" in the PostScript input, also at embedded documents. This led to
  some files, like the Ubuntu test page
  (/usr/share/system-config-printer/testpage-a4.ps) not being printed
  correctly. Fixed code injection.
- 21. By Till Kamppeter
  debian/local/filters/pdftoraster, debian/rules: Interim replacement for
  the pdftoraster filter to work around bugs LP: #267903 and LP: #269691
  (black pages printed with SpliX driver, SpliX driver crashing, probably
  due to broken CUPS raster format).
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/cups