15 juin 2020 21:43 "Adam D. Barratt" <a...@adam-barratt.org.uk> a écrit: > On Mon, 2020-04-27 at 09:03 +0200, Didier 'OdyX' Raboud wrote: >> CVE-2020-3898 and CVE-2019-8842 got fixed in unstable and pending for >> stable (#958814), after coordinated disclosure. >> >> I'd like to fix these in an oldstable upload too: >> >> cups (2.2.1-8+deb9u6) stretch; urgency=medium >> >> * Backport upstream security fixes: >> - CVE-2020-3898: heap-buffer-overflow in libcups’s >> ppdFindOption() >> function in ppd-mark.c >> - CVE-2019-8842: The `ippReadIO` function may under-read an >> extension >> field > > Please go ahead; sorry for the delay.
NP; uploaded. Thanks for your time, OdyX
