Control: tags -1 + confirmed On Mon, 2020-04-27 at 09:03 +0200, Didier 'OdyX' Raboud wrote: > CVE-2020-3898 and CVE-2019-8842 got fixed in unstable and pending for > stable (#958814), after coordinated disclosure. > > I'd like to fix these in an oldstable upload too: > > cups (2.2.1-8+deb9u6) stretch; urgency=medium > > * Backport upstream security fixes: > - CVE-2020-3898: heap-buffer-overflow in libcups’s > ppdFindOption() > function in ppd-mark.c > - CVE-2019-8842: The `ippReadIO` function may under-read an > extension > field >
Please go ahead; sorry for the delay. Regards, Adam
