Comment 5 for bug 298241

@Martin: check out the comments on http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/

someone figured out why ubuntu hardy does NOT require auth to add rss subscriptions (cupsd dies completely when visiting "evil" page), whereas ubuntu intrepid DOES require auth.

copied and pasted:

"
TH responds:

Problem solved:

Hardy’s version: 1.3.7-1ubuntu3.1
Intrepid’s version: 1.3.9-2
http://packages.ubuntu.com/intrepid/cups
http://packages.ubuntu.com/hardy/cupsys

From cups-1.3.8 CHANGES.txt:
- The scheduler now ensures that the RSS directory has the correct permissions.
"

hope that helps.