Ubuntu
cups package

Change logs for cups source package in Cosmic

Cosmic (18.10)
Change log

cups (2.2.8-5ubuntu1.4) cosmic; urgency=medium

  * d/p/0045-Fix-an-issue-with-PreserveJobHistory-and-time-values.patch
    Fix an issue with `PreserveJobHistory` and time values
    (Issue #5538, Closes: #921741, LP: #1747765)

 -- Dariusz Gadomski <email address hidden>  Thu, 30 May 2019 14:11:53 +0200

cups (2.2.8-5ubuntu1.3) cosmic; urgency=medium

  * d/p/systemd-service-for-cupsd-after-sssd.patch: Start cupsd after sssd if
    installed (LP: #1822062)

 -- Victor Tapia <email address hidden>  Wed, 24 Apr 2019 17:21:13 +0200

cups (2.2.8-5ubuntu1.2) cosmic; urgency=medium

  * fix-handling-of-MaxJobTime.patch: Fix handling of MaxJobTime 0
    (LP: #1804576)

 -- Dariusz Gadomski <email address hidden>  Wed, 12 Dec 2018 08:27:17 +0100

cups (2.2.8-5ubuntu1.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: predictable session cookies
    - debian/patches/CVE-2018-4700.patch: use better seed in cgi-bin/var.c.
    - CVE-2018-4700

 -- Marc Deslauriers <email address hidden>  Fri, 16 Nov 2018 14:03:27 -0500

cups (2.2.8-5ubuntu1) cosmic; urgency=high

  * do-not-locally-filter-printing-to-remote-cups-queue.patch: Avoid duplicate
    application of pdftopdf filter (locally and remotely) when printing on auto-
    discovered remote CUPS printer.

 -- Till Kamppeter <email address hidden>  Sun, 19 Aug 2018 20:36:01 +0200

cups (2.2.8-5) unstable; urgency=high

  * CVE-2018-6553: Fix AppArmor cupsd sandbox bypass due to use of hard links
    (Closes: #903605)
  * All these were fixed in 2.2.8:
    - CVE-2018-4180 Local Privilege Escalation to Root in dnssd Backend
      (CUPS_SERVERBIN)
    - CVE-2018-4181 Limited Local File Reads as Root via cupsd.conf Include
      Directive
    - CVE-2018-4182 cups-exec Sandbox Bypass Due to Insecure Error Handling
    - CVE-2018-4183 cups-exec Sandbox Bypass Due to Profile Misconfiguration

 -- Didier Raboud <email address hidden>  Thu, 12 Jul 2018 18:48:48 +0200

cups (2.2.7-1ubuntu3) cosmic; urgency=medium

  * SECURITY UPDATE: privilege escalation in dnssd backend
    - debian/patches/CVE-2018-418x.patch: don't allow PassEnv and SetEnv to
      override standard variables in man/cups-files.conf.man.in,
      man/cupsd.conf.man.in, scheduler/conf.c, test/run-stp-tests.sh.
    - CVE-2018-4180
  * SECURITY UPDATE: local file read via Include directive
    - debian/patches/CVE-2018-418x.patch: remove Include directive handling
      in scheduler/conf.c.
    - CVE-2018-4181
  * SECURITY UPDATE: AppArmor sandbox bypass
    - debian/local/apparmor-profile: also confine
      /usr/lib/cups/backend/mdns.
    - CVE-2018-6553

 -- Marc Deslauriers <email address hidden>  Fri, 22 Jun 2018 13:02:42 -0400

cups (2.2.7-1ubuntu2) bionic; urgency=medium

  * Fixed another crash when creating temporary queues for IPP printers
    (Issue #5290, LP: #1762476).

 -- Till Kamppeter <email address hidden>  Mon,  9 Apr 2018 21:44:01 +0200

Ubuntucups package

Change logs for cups source package in Cosmic

Ubuntu
cups package