Package: cupsys
Version: 1.2.7-4etch6
Severity: serious
Tags: security, patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for cups.

CVE-2009-0791[0]:
| Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
| 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
| (application crash) or possibly execute arbitrary code via a crafted
| PDF file that triggers a heap-based buffer overflow, possibly related
| to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4)
| JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the
| JBIG2Stream.cxx vector may overlap CVE-2009-1179.

See redhat bug for patch [1].

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
    http://security-tracker.debian.net/tracker/CVE-2009-0791
[1] https://bugzilla.redhat.com/show_bug.cgi?id=491840