Hi, On Tue, May 23, 2023 at 03:55:26PM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Mon, May 22, 2023 at 09:39:34AM +0000, Thorsten Alteholz wrote: > > Package: release.debian.org > > Severity: normal > > User: [email protected] > > Usertags: unblock > > > > Please unblock and age package cups-filters > > > > [ Reason ] > > CVE-2023-24805 (RCE due to missing input sanitising) > > > > [ Impact ] > > The user would be vulnerable to remote code execution. > > > > [ Tests ] > > There is no special test for this patch, only a POC that no > > longer worked after applying the patch. > > > > [ Risks ] > > The patch was provided by upstream and approved by the security team > > (upload to Bullseye already done). > > > > [ Checklist ] > > [x] all changes are documented in the d/changelog > > [x] I reviewed all changes and I approve them > > [x] attach debdiff against the package in testing > > > > unblock cups-filters/1.28.17-3 > > FWIW, is was as well for bullseye released via a DSA. Thorsten, there > seems to be as well a piuparts regression blocking it, can you have a > look?
Looking at the log from https://piuparts.debian.org/sid/fail/cups-browsed_1.28.17-3.log it looks this can be ignored, as it is due to the adduser and piuparts situation. Regards, Salvatore
