Control: tags -1 + confirmed On Thu, 2018-02-22 at 17:57 +0100, Didier 'OdyX' Raboud wrote: > CUPS is affected by CVE-2017-18190: remote attackers could execute > arbitrary > IPP commands by sending POST requests to the CUPS daemon in > conjunction with > DNS rebinding. This was caused by a whitelisted > "localhost.localdomain" entry. > > According to the Security Team it doesn't warrant a DSA, but still > makes sense > to be addressed on Stretch (and Jessie). It was fixed independently > on wheezy > already. > > The proposed debdiff is attached; can I upload to stretch?
Please go ahead. > Do you need another bug for Jessie ? Yes, please. Regards, Adam
