Your message dated Tue, 02 Dec 2008 02:02:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#507183: fixed in cups 1.3.8-1lenny4
has caused the Debian Bug report #507183,
regarding cups: integer overflow via validation code in of the image size
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
507183: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507183
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: cups
Version: 1.3.8-1lenny3
Severity: grave
Tags: security, patch
Justification: user security hole
Hi Martin
Cups upstream just fixed another integer overflow[0], which was introduced
due to an incomplete fix for CVE-2008-1722. The upstream commit can be
found here[1]. A CVE id has been requested and I'll post it as soon as
it is available.
Cheers
Steffen
[0]: http://www.cups.org/str.php?L2974
[1]: http://www.cups.org/strfiles/2974/str2974.patch
--- End Message ---
--- Begin Message ---
Source: cups
Source-Version: 1.3.8-1lenny4
We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive:
cups-bsd_1.3.8-1lenny4_i386.deb
to pool/main/c/cups/cups-bsd_1.3.8-1lenny4_i386.deb
cups-client_1.3.8-1lenny4_i386.deb
to pool/main/c/cups/cups-client_1.3.8-1lenny4_i386.deb
cups-common_1.3.8-1lenny4_all.deb
to pool/main/c/cups/cups-common_1.3.8-1lenny4_all.deb
cups-dbg_1.3.8-1lenny4_i386.deb
to pool/main/c/cups/cups-dbg_1.3.8-1lenny4_i386.deb
cups_1.3.8-1lenny4.diff.gz
to pool/main/c/cups/cups_1.3.8-1lenny4.diff.gz
cups_1.3.8-1lenny4.dsc
to pool/main/c/cups/cups_1.3.8-1lenny4.dsc
cups_1.3.8-1lenny4_i386.deb
to pool/main/c/cups/cups_1.3.8-1lenny4_i386.deb
cupsys-bsd_1.3.8-1lenny4_all.deb
to pool/main/c/cups/cupsys-bsd_1.3.8-1lenny4_all.deb
cupsys-client_1.3.8-1lenny4_all.deb
to pool/main/c/cups/cupsys-client_1.3.8-1lenny4_all.deb
cupsys-common_1.3.8-1lenny4_all.deb
to pool/main/c/cups/cupsys-common_1.3.8-1lenny4_all.deb
cupsys-dbg_1.3.8-1lenny4_all.deb
to pool/main/c/cups/cupsys-dbg_1.3.8-1lenny4_all.deb
cupsys_1.3.8-1lenny4_all.deb
to pool/main/c/cups/cupsys_1.3.8-1lenny4_all.deb
libcups2-dev_1.3.8-1lenny4_i386.deb
to pool/main/c/cups/libcups2-dev_1.3.8-1lenny4_i386.deb
libcups2_1.3.8-1lenny4_i386.deb
to pool/main/c/cups/libcups2_1.3.8-1lenny4_i386.deb
libcupsimage2-dev_1.3.8-1lenny4_i386.deb
to pool/main/c/cups/libcupsimage2-dev_1.3.8-1lenny4_i386.deb
libcupsimage2_1.3.8-1lenny4_i386.deb
to pool/main/c/cups/libcupsimage2_1.3.8-1lenny4_i386.deb
libcupsys2-dev_1.3.8-1lenny4_all.deb
to pool/main/c/cups/libcupsys2-dev_1.3.8-1lenny4_all.deb
libcupsys2_1.3.8-1lenny4_all.deb
to pool/main/c/cups/libcupsys2_1.3.8-1lenny4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Martin Pitt <[EMAIL PROTECTED]> (supplier of updated cups package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 01 Dec 2008 17:33:18 -0800
Source: cups
Binary: libcups2 libcupsimage2 cups cups-client libcups2-dev libcupsimage2-dev
cups-bsd cups-common cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd
cupsys-dbg libcupsys2 libcupsys2-dev
Architecture: source all i386
Version: 1.3.8-1lenny4
Distribution: unstable
Urgency: high
Maintainer: Debian CUPS Maintainers <[EMAIL PROTECTED]>
Changed-By: Martin Pitt <[EMAIL PROTECTED]>
Description:
cups - Common UNIX Printing System(tm) - server
cups-bsd - Common UNIX Printing System(tm) - BSD commands
cups-client - Common UNIX Printing System(tm) - client programs (SysV)
cups-common - Common UNIX Printing System(tm) - common files
cups-dbg - Common UNIX Printing System(tm) - debugging symbols
cupsys - Common UNIX Printing System (transitional package)
cupsys-bsd - Common UNIX Printing System (transitional package)
cupsys-client - Common UNIX Printing System (transitional package)
cupsys-common - Common UNIX Printing System (transitional package)
cupsys-dbg - Common UNIX Printing System (transitional package)
libcups2 - Common UNIX Printing System(tm) - libs
libcups2-dev - Common UNIX Printing System(tm) - development files
libcupsimage2 - Common UNIX Printing System(tm) - image libs
libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
libcupsys2 - Common UNIX Printing System (transitional package)
libcupsys2-dev - Common UNIX Printing System (transitional package)
Closes: 507183
Changes:
cups (1.3.8-1lenny4) unstable; urgency=high
.
* High urgency due to security bug fix.
* Add png-image-int-overflow.dpatch: Fix integer overflow in the PNG image
reader (Closes: #507183, STR #2974, CVE-2008-5286)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkk0kmQACgkQDecnbV4Fd/L7PwCgwdN0tkqJhxkWilQoHSsQ2iJF
VZoAoLqzCnWM66Kiz5Ddq9jLwgaVui0P
=WnyL
-----END PGP SIGNATURE-----
--- End Message ---