Summary: | <net-print/cups-1.7.5: two vulnerabilities (CVE-2014-5030) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A4 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 513552 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2014-08-13 07:58:17 UTC
CVE-2014-5030 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5030): CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. This is fixed in CUPS 1.7.5, which I just added to the tree. Let's wait a week and then stabilize it. I don't see any additional bug reports coming in from the 1.7.4 -> 1.7.5 update, so let's continue. Arches please fast-stabilize net-print/cups-1.7.5 Target: all stable arches Stable for HPPA. amd64 stable x86 stable alpha stable ia64 stable ppc64 stable ppc stable sparc stable arm stable, all arches done. All vulnerable versions removed. Printing out. Arches and Maintainer(s), Thank you for your work. GLSA Vote: No GLSA vote: no. Closed as [noglsa]. |