Comment 1 Yury German 2015-12-01 23:58:35 UTC

https://www.openprinting.org/download/cups-filters/

Hi,

I have released cups-filters 1.2.0 now, with the following changes:

        - cups-browsed: When using IP-address-based device URIs via
          the "IPBasedDeviceURIs" directive in cups-browsed.conf, add
          two additional settings to restrict the used IP addresses to
          either only IPv4 addresses or only IPv6 addresses.
        - foomatic-rip: SECURITY FIX: Also consider the back tick
          ('`') as an illegal shell escape character. Thanks to Michal
          Kowalczyk from the Google Security Team for the hint
          (CVE-2015-8327).

I would appreciate if you could upload it to Debian soon so that it syncs into Ubuntu, as it is needed for further development work on Ubuntu.

Comment 2 Manuel Rüger (RETIRED) 2015-12-15 20:09:56 UTC

CHANGES IN V1.4.0

	- foomatic-rip: SECURITY FIX: Also consider the semicolon
	  (';') as an illegal shell escape character. Thanks to Adam
	  Chester (adam dot chester at pentest dot co dot uk) for the
	  hint (CVE-2015-8560).
	- brftoembosser, imagetobrf, imagetoubrl, imageubrltoindexv3,
	  imageubrltoindexv4, textbrftoindexv3, textbrftoindexv4,
	  texttobrf, braille.convs, braille.types, generic-brf.drv,
	  indexv3.drv, indexv4.drv: Added support for Braille
	  embossing via CUPS. Text and even images can now be sent to
	  a Braille embosser like to a printer. Thanks to Samuel
	  Thibault (samuel dot thibault at ens-lyon dot org) for this
	  contribution.

Comment 3 Yury German 2015-12-25 01:03:27 UTC

Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

Comment 4 Matthias Maier 2016-01-12 16:50:50 UTC

Arches please stabilize
  =net-print/cups-filters-1.5.0

Keywords for net-print/cups-filters:
         |                                 | u   |  
         | a a   a         n   p r     s   | n   |  
         | l m   r h i m m i   p i s   p   | u s | r
         | p d a m p a 6 i o p c s 3   a x | s l | e
         | h 6 r 6 p 6 8 p s p 6 c 9 s r 8 | e o | p
         | a 4 m 4 a 4 k s 2 c 4 v 0 h c 6 | d t | o
---------+---------------------------------+-----+-------
  1.0.71 | + + + o + + o ~ o + + o ~ o + + | o 0 | gentoo
   1.4.0 | ~ ~ ~ ~ ~ ~ o ~ o ~ ~ o ~ o ~ ~ | #   | gentoo
[I]1.5.0 | ~ ~ ~ ~ ~ ~ o ~ o ~ ~ o ~ o ~ ~ | o   | gentoo
    9999 | o o o o o o o o o o o o o o o o | o   | gentoo

Comment 5 Agostino Sarubbo 2016-01-14 11:56:14 UTC

amd64 stable

Comment 6 Markus Meier 2016-01-17 11:32:06 UTC

arm stable

Comment 7 Tobias Klausmann (RETIRED) 2016-01-17 15:58:55 UTC

Stable on alpha.

Comment 8 Agostino Sarubbo 2016-01-17 17:07:42 UTC

ppc stable

Comment 9 Jeroen Roovers (RETIRED) 2016-01-18 04:52:57 UTC

Stable for HPPA PPC64.

Comment 10 Andreas Schürch 2016-01-18 18:38:29 UTC

x86 done.

Comment 11 Yury German 2016-02-25 06:36:26 UTC

Ping on ia64 and sparc stabilization, for this vulnerability.

Comment 12 Agostino Sarubbo 2016-03-19 11:37:17 UTC

sparc stable

Comment 13 Agostino Sarubbo 2016-03-20 12:01:28 UTC

ia64 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 14 SpanKY 2016-03-23 06:29:03 UTC

dropped now

Comment 15 Yury German 2016-04-26 06:01:52 UTC

Arches and Maintainer(s), Thank you for your work.
GLSA Vote: No
Closing as [noglsa].