-
cups (2.3.1-9ubuntu1.6) focal-security; urgency=medium
* SECURITY UPDATE: Postscript parsing heap overflow
- debian/patches/CVE-2023-4504.patch: properly check for end of buffer
in cups/raster-interpret.c.
- CVE-2023-4504
-- Marc Deslauriers <email address hidden> Fri, 15 Sep 2023 07:20:26 -0400
-
cups (2.3.1-9ubuntu1.5) focal-security; urgency=medium
* SECURITY UPDATE: recently printed documents authentication issue
- debian/patches/CVE-2023-32360.patch: require authentication for
CUPS-Get-Document in conf/cupsd.conf.in.
- CVE-2023-32360
-- Marc Deslauriers <email address hidden> Mon, 11 Sep 2023 12:30:19 -0400
-
cups (2.3.1-9ubuntu1.4) focal-security; urgency=medium
* SECURITY UPDATE: use-after-free in cupsdAcceptClient()
- debian/patches/CVE-2023-34241.patch: log result of httpGetHostname
BEFORE closing the connection in scheduler/client.c.
- CVE-2023-34241
-- Marc Deslauriers <email address hidden> Tue, 13 Jun 2023 08:17:47 -0400
-
cups (2.3.1-9ubuntu1.3) focal-security; urgency=medium
* SECURITY UPDATE: DoS via buffer overflow in format_log_line
- debian/patches/CVE-2023-32324.patch: check _cups_strlcpy size in
cups/string.c.
- CVE-2023-32324
-- Marc Deslauriers <email address hidden> Thu, 25 May 2023 08:43:14 -0400
-
cups (2.3.1-9ubuntu1.2) focal-security; urgency=medium
* SECURITY UPDATE: buffer overflow in ippReadIO
- debian/patches/CVE-2019-8842.patch: fix check in cups/ipp.c.
- CVE-2019-8842
* SECURITY UPDATE: buffer overflow in ippReadIO
- debian/patches/CVE-2020-10001.patch: fix bounds checks in cups/ipp.c.
- CVE-2020-10001
* SECURITY UPDATE: Local authorization cert bypass
- debian/patches/CVE-2022-26691-1.patch: fix string comparison in
scheduler/cert.c.
- debian/patches/CVE-2022-26691-2.patch: fix the comment in
scheduler/cert.c.
- CVE-2022-26691
-- Marc Deslauriers <email address hidden> Fri, 27 May 2022 10:51:54 -0400
-
cups (2.3.1-9ubuntu1.1) focal-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2020-3898.patch: properly handle invalid
resolution names in cups/ppd.c, ppdc/ppdc-source.cxx.
- CVE-2020-3898
-- Marc Deslauriers <email address hidden> Fri, 24 Apr 2020 10:37:14 -0400
-
cups (2.3.1-9ubuntu1) focal; urgency=medium
* Revert all the CI test changes
* Add the bug fixes (not CI test changes of 2.3.1-10:
- Add Requires=cups.socket to cups.service, to make sure they start in
the right order
- Add patch proposal from RedHat to fix leakage of ppd (Issue: #5738)
-- Till Kamppeter <email address hidden> Mon, 24 Feb 2020 16:45:01 +0100
-
cups (2.3.1-9) unstable; urgency=medium
* CI Tests: Ensure the job files are non-empty; should detect more
regressions
-- Didier Raboud <email address hidden> Sat, 22 Feb 2020 17:19:46 +0100
-
cups (2.3.1-7) unstable; urgency=medium
* Add patch to fix conversion of PPD InputSlot choice names; this should fix
printers ignoring the paper tray selection (Issue: #5740, Closes: #949315)
* lintian-brush:
- Set upstream metadata fields: Bug-Database, Repository, Repository-Browse
- Rewrap some d/changelog entries
-- Didier Raboud <email address hidden> Mon, 17 Feb 2020 09:19:56 +0100
-
cups (2.3.1-6) unstable; urgency=medium
* Patch test suite to also ignore 'Job held' lines in error_log line
counting
-- Didier Raboud <email address hidden> Sat, 08 Feb 2020 11:52:44 +0100
-
cups (2.3.1-5) unstable; urgency=medium
* Move towards driverless-centered installation:
- Drop all printer-driver-* and hplip recommends/suggests
* Cleanup all versions from pre- Debian stable
* Bump S-V to 4.5.0 without changes needed
-- Didier Raboud <email address hidden> Fri, 07 Feb 2020 17:08:48 +0100
-
cups (2.3.1-4) unstable; urgency=medium
* Cleanup patch queue for cups' bts URLs and patch names
* Update README.Debian to remove leftover SystemdIdleExit references
-- Didier Raboud <email address hidden> Thu, 30 Jan 2020 20:35:47 +0100
-
cups (2.3.1-2) unstable; urgency=medium
* Drop pwg-raster-attributes.patch
* Amend 2.3.1-1 changelog entry to add missing Ubuntu package drop and CVE
bug closure
-- Didier Raboud <email address hidden> Sun, 26 Jan 2020 15:23:24 +0100
-
cups (2.3.1-1ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Omit cups and cups-core-drivers packages on i386. (Closes: #947185)
cups (2.3.1-1) unstable; urgency=medium
[ Didier Raboud ]
* New 2.3.1 upstream release:
- CVE-2019-2228: The `ippSetValuetag` function did not validate the
default language value
[ Helge Kreutzmann ]
* Update German man page (2207t)
-- Gianfranco Costamagna <email address hidden> Mon, 20 Jan 2020 10:16:46 +0100
-
cups (2.3.0-7ubuntu1) focal; urgency=medium
* Omit cups and cups-core-drivers packages on i386.
-- Steve Langasek <email address hidden> Sun, 22 Dec 2019 11:10:53 -0600
-
cups (2.3.0-7) unstable; urgency=medium
* Packaging cleanup:
- Set upstream metadata fields: Repository
- Rely on pre-initialized dpkg-architecture variables
- Fix day-of-week for changelog entries 1.0.1-1
- Bump Standards-Version to 4.4.1 without changes needed
- Replace dh-exec usage with manual renaming in debian/rules
-- Didier Raboud <email address hidden> Wed, 06 Nov 2019 08:57:40 +0100
-
cups (2.3.0-6) unstable; urgency=medium
[ Didier Raboud ]
* Tests-drivers: Cleanup output
[ intrigeri ]
* AppArmor: support cups-pdf "Out" directory pointing to almost anywhere
below $HOME (Closes: #940578)
-- Didier Raboud <email address hidden> Thu, 31 Oct 2019 08:44:29 +0100
-
cups (2.2.12-2ubuntu1) eoan; urgency=medium
* Add workaround for systemd's lack of true launch-on-demand
support (Upstream issue #5640).
-- Till Kamppeter <email address hidden> Fri, 5 Sep 2019 19:03:01 +0200
