ubuntu/+source/hplip:applied/ubuntu/gutsy-security

Last commit made on 2009-01-13
Get this branch:
git clone -b applied/ubuntu/gutsy-security https://git.launchpad.net/ubuntu/+source/hplip
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/gutsy-security
Repository:
lp:ubuntu/+source/hplip

Recent commits

0fc2bae... by Ansgar Burchardt on 2008-12-18

Import patches-applied version 2.7.7.dfsg.1-0ubuntu5.3 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: ed6890f74a06519ede8276af73633f28b1e407ed
Unapplied parent: a8ff31cb90428b079e28e03ef4ded789a8ba3031

New changelog entries:
  * debian/hplip.postinst: Removed code to correct permissions of .hplip
    personal config in user's home directories (Ubuntu LP: #191299).

a8ff31c... by Ansgar Burchardt on 2008-12-18

Import patches-unapplied version 2.7.7.dfsg.1-0ubuntu5.3 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 75c01a7917f04f85aac525fe660352e0c99b69da

New changelog entries:
  * debian/hplip.postinst: Removed code to correct permissions of .hplip
    personal config in user's home directories (Ubuntu LP: #191299).

ed6890f... by Marc Deslauriers on 2008-11-20

Import patches-applied version 2.7.7.dfsg.1-0ubuntu5.2 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 4d79dcba71a2fa90a1f5902d5bfe437580542b48
Unapplied parent: 75c01a7917f04f85aac525fe660352e0c99b69da

New changelog entries:
  * SECURITY UPDATE: privilege escalation using the hplip alert-mailing
    functionality.
    - debian/patches/91_SECURITY_CVE-2008-2940.dpatch: fix handle_event()
      in hpssd.py to validate device-uri parameter and disable
      handle_setalerts(). This fix alters hplip behaviour by preventing
      users from setting alerts and by moving alert configuration to a
      root-controlled /etc/hp/alerts.conf file.
    - CVE-2008-2940
  * SECURITY UPDATE: denial of service in hpssd message parser.
    - debian/patches/92_SECURITY_CVE-2008-2941.dpatch: fix handle_event()
      in hpssd.py to correctly validate parameters.
    - CVE-2008-2941

75c01a7... by Marc Deslauriers on 2008-11-20

Import patches-unapplied version 2.7.7.dfsg.1-0ubuntu5.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 37f9395b59a390273ed9ebac36f7017e63e77cd9

New changelog entries:
  * SECURITY UPDATE: privilege escalation using the hplip alert-mailing
    functionality.
    - debian/patches/91_SECURITY_CVE-2008-2940.dpatch: fix handle_event()
      in hpssd.py to validate device-uri parameter and disable
      handle_setalerts(). This fix alters hplip behaviour by preventing
      users from setting alerts and by moving alert configuration to a
      root-controlled /etc/hp/alerts.conf file.
    - CVE-2008-2940
  * SECURITY UPDATE: denial of service in hpssd message parser.
    - debian/patches/92_SECURITY_CVE-2008-2941.dpatch: fix handle_event()
      in hpssd.py to correctly validate parameters.
    - CVE-2008-2941

4d79dcb... by Kees Cook on 2007-10-11

Import patches-applied version 2.7.7.dfsg.1-0ubuntu5 to applied/ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 6a407bf105ca67bd3c6e772398ed6a6465c0c11c
Unapplied parent: 37f9395b59a390273ed9ebac36f7017e63e77cd9

New changelog entries:
  * SECURITY UPDATE: arbitrary command execution via network
  * Add debian/patches/90_subprocess_replacement: use subprocess instead.
  * References
    https://launchpad.net/bugs/149121
    CVE-2007-5208

37f9395... by Kees Cook on 2007-10-11

Import patches-unapplied version 2.7.7.dfsg.1-0ubuntu5 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 454ab5d52a11f46efe00af3e839d251b72ee5308

New changelog entries:
  * SECURITY UPDATE: arbitrary command execution via network
  * Add debian/patches/90_subprocess_replacement: use subprocess instead.
  * References
    https://launchpad.net/bugs/149121
    CVE-2007-5208

6a407bf... by Till Kamppeter on 2007-10-04

Import patches-applied version 2.7.7.dfsg.1-0ubuntu4 to applied/ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: a8e02b45137f0ef3e9157c08ddad388e959c4f74
Unapplied parent: 454ab5d52a11f46efe00af3e839d251b72ee5308

New changelog entries:
  * debian/55-hpmud.rules: Changed UDEV rules to set owner "lp",
    group "scanner", and permissions 0660 for the /dev/... files, so
    that non-privileged users (not in "lp" group, but in "scanner"
    group) can also access the HP printers. Simply using 0666
    permissions is a security problem (LP: #147369).

454ab5d... by Till Kamppeter on 2007-10-04

Import patches-unapplied version 2.7.7.dfsg.1-0ubuntu4 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 77857c36350e9d0d6c071d14f1aaa42c3e525d50

New changelog entries:
  * debian/55-hpmud.rules: Changed UDEV rules to set owner "lp",
    group "scanner", and permissions 0660 for the /dev/... files, so
    that non-privileged users (not in "lp" group, but in "scanner"
    group) can also access the HP printers. Simply using 0666
    permissions is a security problem (LP: #147369).

a8e02b4... by Till Kamppeter on 2007-10-03

Import patches-applied version 2.7.7.dfsg.1-0ubuntu3 to applied/ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 166624cb961782eb859a1fd11075bcee7c1b1dd4
Unapplied parent: 77857c36350e9d0d6c071d14f1aaa42c3e525d50

New changelog entries:
  * debian/rules, debian/55-hpmud.rules:
    Updated UDEV rules for HPLIP to the ones of HPLIP 2.7.9. The current
    rules do not work any more (LP: #147369)

77857c3... by Till Kamppeter on 2007-10-03

Import patches-unapplied version 2.7.7.dfsg.1-0ubuntu3 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: c45f2530dabc8c2d8132035b3e5ed3a70da1a719

New changelog entries:
  * debian/rules, debian/55-hpmud.rules:
    Updated UDEV rules for HPLIP to the ones of HPLIP 2.7.9. The current
    rules do not work any more (LP: #147369)