Format: 1.7
Date: Thu, 08 Jan 2009 10:28:34 -0500
Source: cupsys
Binary: libcupsys2-dev cupsys libcupsys2 libcupsimage2 cupsys-common cupsys-client cupsys-bsd libcupsimage2-dev
Architecture: i386_translations i386 all
Version: 1.3.2-1ubuntu7.9
Distribution: gutsy
Urgency: low
Maintainer: Ubuntu/i386 Build Daemon <buildd@rothera.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 cupsys-common - Common UNIX Printing System(tm) - common files
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
Launchpad-Bugs-Fixed: 298241 298241
Changes: 
 cupsys (1.3.2-1ubuntu7.9) gutsy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service by adding a large number of RSS
     subscriptions (LP: #298241)
     - debian/patches/81_CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions
       being reached in scheduler/{ipp.c,subscriptions.c}.
     - CVE-2008-5183
   * SECURITY UPDATE: unauthorized access to RSS subscription functions in
     web interface (LP: #298241)
     - debian/patches/82_CVE-2008-5184.dpatch: make sure user is authenticated
       in /cgi-bin/admin.c.
     - CVE-2008-5184
   * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG
     image with a large height value
     - This issue was introduced in the patch for CVE-2008-1722.
     - debian/patches/77_CVE-2008-1722.dpatch: adjust patch to multiply img->xsize
       instead of img->ysize so we don't overflow in filter/image-png.c.
     - CVE-2008-5286
   * SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack
     - debian/filters/pstopdf: use the cleaned-up version from Debian.
     - CVE-2008-5377
Files: 
 2a130e02392de2ce721ac25a9a71ef0f 1080428 net optional cupsys-common_1.3.2-1ubuntu7.9_all.deb
 48a8561db8bd61110b52d4869162cde4 1091102 raw-translations - cupsys_1.3.2-1ubuntu7.9_i386_translations.tar.gz
 69d7d5292ed78f5a5dca16d9be7d9ebe 183548 libs optional libcupsys2_1.3.2-1ubuntu7.9_i386.deb
 a2a663a767af4beccac469b36af692b4 46256 libs optional libcupsimage2_1.3.2-1ubuntu7.9_i386.deb
 6217c3d4a08b575b0fd01a2f0b6d9965 2018562 net optional cupsys_1.3.2-1ubuntu7.9_i386.deb
 33d1e6cc218245db992e2b8337d63fad 86482 net optional cupsys-client_1.3.2-1ubuntu7.9_i386.deb
 099603137d153ed2f50e0154fde6811f 145696 libdevel optional libcupsys2-dev_1.3.2-1ubuntu7.9_i386.deb
 228f15292895fb6714cf83ac08376530 58836 libdevel optional libcupsimage2-dev_1.3.2-1ubuntu7.9_i386.deb
 6742a1d19a47e85b583bfc6cc8e5bef1 36480 net extra cupsys-bsd_1.3.2-1ubuntu7.9_i386.deb
Original-Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>