found 506180 1.3.8-1lenny2
thanks

2008/11/19 Martin Pitt <[EMAIL PROTECTED]>:
> Version: 1.3.8-1
>
> Hello Raphael,

Hello Martin,

>
> Raphael Geissert [2008-11-18 21:22 -0600]:
>> An exploit[0][1] has been published for CUPS.
>>
>> > The daemon crashes when more than 100 RSS Subscriptions are added which has
>> > been successfully tested on the latest versions of openSuse and Ubuntu
>> > Desktop at time of writing (11.0 and 8.04.1 respectively). For some reason,
>> > the user doesn't need to login to add RSS subscriptions, although
>> > authentication is required to perform other actions. I'm not sure if this
>> > bug can lead to remote code execution. Further investigation/gdbing is
>> > required.
>>
>> Note: when reproducing it locally in a default Debian setup, I was required to
>> login before the RSS subscriptions could be added and then crash cupsd.
>
> This is http://www.cups.org/str.php?L2774 which has been fixed in
> 1.3.8. Thus current testing and unstable are unaffected. Etch is
> unaffected as well, since 1.2.7 did not yet have RSS subscriptions.

I did manage to reproduce it in 1.3.8-1lenny2, so whatever was changed didn't
actually fix the bug.

>
> So I close this report. However, it is relevant for Ubuntu 7.10 and
> 8.04, so I'll fix it there.
>
>> If you fix the vulnerability please also make sure to include the CVE id when
>> one is assigned in the changelog entry.
>
> I will, but currently there is none.

Thanks

>
> Thanks for pointing out!
>
> Martin
> --
> Martin Pitt | http://www.piware.de
> Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Alfred Hitchcock - "Television has brought back murder into the home - where it belongs."