Comment 11 for bug 1505328

Marc Deslauriers (mdeslaur) wrote : Re: Cups SSL is vulnerable to POODLE

1- The debdiff in comment #9 still contains an extra cups-1.7.2/lets_patch_this.patch section. Could you please remove it?
2- Please add an origin tag to the patch that traces back to Red Hat's bug 1161172, since I believe that's what you based the backport on.

3- Also, I don't think we should do this change:

@@ -4811,7 +4813,10 @@
   if (http->encryption == HTTP_ENCRYPTION_REQUIRED && !http->tls)
   {
     httpSetField(http, HTTP_FIELD_CONNECTION, "Upgrade");
- httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2,TLS/1.1,TLS/1.0");
+ if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2,TLS/1.1,TLS/1.0,SSL/3.0");
+ else
+ httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2,TLS/1.1,TLS/1.0");
   }
 #endif /* HAVE_SSL */
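Review bot: the new `_HTTP_TLS_ALLOW_SSL3` branch advertises "SSL/3.0" as an Upgrade target in the HTTP Upgrade header, which works against the purpose of a POODLE fix: the Upgrade token list tells the peer which protocols the client is willing to move to, and offering SSL/3.0 there invites a downgrade to exactly the protocol the rest of the patch is trying to disable. Suggest dropping the conditional and keeping the single unconditional line `httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2,TLS/1.1,TLS/1.0");` that was removed. Note also that neither `tls_options` nor `_HTTP_TLS_ALLOW_SSL3` is declared in the visible context of this hunk, so if the branch is kept, the patch needs to show where they are defined and how `tls_options` is populated.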

@@ -5572,7 +5590,10 @@

   httpClearFields(http);
   httpSetField(http, HTTP_FIELD_CONNECTION, "upgrade");
- httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2,TLS/1.1,TLS/1.0");
+ if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2,TLS/1.1,TLS/1.0,SSL/3.0");
+ else
+ httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2,TLS/1.1,TLS/1.0");

   if ((ret = httpOptions(http, "*")) == 0)
   {
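Review bot: same issue as the first hunk, at the second call site: the `else` branch is identical to the line being removed, so the only behavioural change is to add "SSL/3.0" to the Upgrade header when `_HTTP_TLS_ALLOW_SSL3` is set, which is a downgrade offer rather than an upgrade. Suggest leaving this site untouched (the `-` line restored as-is) so that both call sites stay consistent and the `httpOptions(http, "*")` request that follows never advertises SSLv3 as an acceptable protocol.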

It doesn't make sense to "upgrade" to SSLv3.

So, looking at the patch, I believe this should be an SRU, and not a security update.