Summary: | net-print/cups <1.2.12-r6 Remote cgiCompileSearch() Buffer overflow (CVE-2008-0047)
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Status: | RESOLVED FIXED
Severity: | major
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
Reporter: | Robert Buchholz (RETIRED) <rbu>
Assignee: | Gentoo Security <security>
CC: | printing
URL: | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674
Whiteboard: | B1 [glsa]
Package list: |
Runtime testing required: | ---

Description
Robert Buchholz (RETIRED)
2008-03-05 10:14:22 UTC
Timo, this issue is under embargo until 2008-03-18. Do not commit anything to CVS until this date. Please prepare an updated ebuild and attach it to this bug, we will do prestable testing here. Thanks.

Created attachment 145338
cups-1.2.12-CVE-2008-0047.patch
Upstream patch

Timo, please prepare an ebuild.

Created attachment 145731
cups-1.2.12-r6.ebuild
With the same keywords like cups-1.2.12-r4.ebuild:
Stable: alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86
Testing: ~mips ~sparc-fbsd ~x86-fbsd

Created attachment 145733
cups-1.3.6-r2.ebuild
Many thanks to Peter Volkov (pva) for helping me out with the ebuilds and bugfixes!

Arch Security Liaisons, please test the attached ebuild ( =net-print/cups-1.2.12-r4 ) and report it stable on this bug.
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"
CC'ing current Liaisons:
alpha : ferdy
amd64 : welp
hppa : jer
ppc : dertobi123
ppc64 : corsair
release : pva
sparc : fmccor
x86 : opfer

sparc is good with cups-1.2.12-r6. (Tested remote only using {.ps, .pdf} files, two different printers.) I think in Comment 6 you mean -1.2.12-r6. I didn't do anything with -1.3.6-r2.

(In reply to comment #7)
> I think in Comment 6 you mean -1.2.12-r6.
Hgh.....my copy+paste foo is not improving as fast as I hoped.

OK for HPPA.

Works on x86 remote and local...only had time for 1.2.12-r6

-1.2.12-r6 looks good on ppc64.

Looks good to go on amd64

public via URL. tgurr, printing, please commit the ebuild to the tree with the stable keywords earned in this bug.

printing, I committed the ebuilds here since I could not get hold of tgurr since yesterday. I did not clean up older ebuilds. Now for the rest...
Arches, please test and mark stable: =net-print/cups-1.2.12-r6
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"
Already stabled : "amd64 hppa ppc64 sparc x86"
Missing keywords: "alpha arm ia64 m68k ppc release s390 sh"

ia64 stable

Stable on alpha.

ppc stable, ready for glsa

Fixed in release snapshot.

draft in 'maker.

GLSA 200804-01