-
cups (2.2.8-5ubuntu1.4) cosmic; urgency=medium
* d/p/0045-Fix-an-issue-with-PreserveJobHistory-and-time-values.patch
Fix an issue with `PreserveJobHistory` and time values
(Issue #5538, Closes: #921741, LP: #1747765)
-- Dariusz Gadomski <email address hidden> Thu, 30 May 2019 14:11:53 +0200
-
cups (2.2.8-5ubuntu1.3) cosmic; urgency=medium
* d/p/systemd-service-for-cupsd-after-sssd.patch: Start cupsd after sssd if
installed (LP: #1822062)
-- Victor Tapia <email address hidden> Wed, 24 Apr 2019 17:21:13 +0200
-
cups (2.2.8-5ubuntu1.2) cosmic; urgency=medium
* fix-handling-of-MaxJobTime.patch: Fix handling of MaxJobTime 0
(LP: #1804576)
-- Dariusz Gadomski <email address hidden> Wed, 12 Dec 2018 08:27:17 +0100
-
cups (2.2.8-5ubuntu1.1) cosmic-security; urgency=medium
* SECURITY UPDATE: predictable session cookies
- debian/patches/CVE-2018-4700.patch: use better seed in cgi-bin/var.c.
- CVE-2018-4700
-- Marc Deslauriers <email address hidden> Fri, 16 Nov 2018 14:03:27 -0500
-
cups (2.2.8-5ubuntu1) cosmic; urgency=high
* do-not-locally-filter-printing-to-remote-cups-queue.patch: Avoid duplicate
application of pdftopdf filter (locally and remotely) when printing on auto-
discovered remote CUPS printer.
-- Till Kamppeter <email address hidden> Sun, 19 Aug 2018 20:36:01 +0200
-
cups (2.2.8-5) unstable; urgency=high
* CVE-2018-6553: Fix AppArmor cupsd sandbox bypass due to use of hard links
(Closes: #903605)
* All these were fixed in 2.2.8:
- CVE-2018-4180 Local Privilege Escalation to Root in dnssd Backend
(CUPS_SERVERBIN)
- CVE-2018-4181 Limited Local File Reads as Root via cupsd.conf Include
Directive
- CVE-2018-4182 cups-exec Sandbox Bypass Due to Insecure Error Handling
- CVE-2018-4183 cups-exec Sandbox Bypass Due to Profile Misconfiguration
-- Didier Raboud <email address hidden> Thu, 12 Jul 2018 18:48:48 +0200
-
cups (2.2.7-1ubuntu3) cosmic; urgency=medium
* SECURITY UPDATE: privilege escalation in dnssd backend
- debian/patches/CVE-2018-418x.patch: don't allow PassEnv and SetEnv to
override standard variables in man/cups-files.conf.man.in,
man/cupsd.conf.man.in, scheduler/conf.c, test/run-stp-tests.sh.
- CVE-2018-4180
* SECURITY UPDATE: local file read via Include directive
- debian/patches/CVE-2018-418x.patch: remove Include directive handling
in scheduler/conf.c.
- CVE-2018-4181
* SECURITY UPDATE: AppArmor sandbox bypass
- debian/local/apparmor-profile: also confine
/usr/lib/cups/backend/mdns.
- CVE-2018-6553
-- Marc Deslauriers <email address hidden> Fri, 22 Jun 2018 13:02:42 -0400
-
cups (2.2.7-1ubuntu2) bionic; urgency=medium
* Fixed another crash when creating temporary queues for IPP printers
(Issue #5290, LP: #1762476).
-- Till Kamppeter <email address hidden> Mon, 9 Apr 2018 21:44:01 +0200