| Summary: | net-print/hplip Arbitrary command execution (CVE-2007-5208) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | calchan, printing |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=319921 | ||
| Whiteboard: | B1/C0 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Robert Buchholz (RETIRED)
2007-10-12 01:04:26 UTC
Denis and printing, please advise. (In reply to comment #1) > Denis and printing, please advise. I'm having a real life emergency since a few days, but I'll send this at the top of my Gentoo TODO list. I should be able to look into this later today (not before 2000 UTC though). I've had a quick look at the patch though, and it applies in a cleanish way on the 2.x series, but not on the 1.x series. So I'll have to manually create a patch for the 1.x stuff. This should be easy. About the security issue itself, it's far beyond my understanding so I'll have to trust the Red Hat people unless somebody else knows better. Denis. Any news on this one? I've just fixed the new 2.x branch. I'm now proceeding to look into the old stuff. Upstream says the fix will be in 2.7.10. Denis. Old 1.x branch is now cleaned-up and fixed too. Security, feel free to stabilize hplip-1.7.4a-r2 and close this bug whenever you want. Denis. Thx Denis. Arches please test and mark stable. Target keywords are: hplip-1.7.4a-r2.ebuild:KEYWORDS="amd64 ppc ~ppc64 x86" x86 stable ppc stable amd64 stable GLSA request filed. Old ebuild removed after stabilization. All that's left in the tree is now clean. Denis. GLSA 200710-26, thanks everybody! |