From 2.4.7 release notes: +- CVE-2023-4504 - Fixed Heap-based buffer overflow when reading Postscript + in PPD files
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce0d28a882c7235e8dbc9e6c5814c4dd02294919 commit ce0d28a882c7235e8dbc9e6c5814c4dd02294919 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-09-27 04:17:40 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-09-27 04:17:40 +0000 net-print/cups: add 2.4.7 Bug: https://bugs.gentoo.org/914781 Signed-off-by: Sam James <sam@gentoo.org> net-print/cups/Manifest | 1 + net-print/cups/cups-2.4.7.ebuild | 318 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 319 insertions(+)
Ping. Please remove the vulnerable version 2.4.6.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=e7fda950590c5976421bfc5b5694dcadd1281e90 commit e7fda950590c5976421bfc5b5694dcadd1281e90 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-02-18 08:55:48 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-02-18 08:56:12 +0000 [ GLSA 202402-17 ] CUPS: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/847625 Bug: https://bugs.gentoo.org/907675 Bug: https://bugs.gentoo.org/909018 Bug: https://bugs.gentoo.org/914781 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202402-17.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+)
