Summary: | net-print/cups: Logfile User Credentials Disclosure (CAN-2004-0923) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matthias Geerdsen (RETIRED) <vorlon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | marc.vila, printing |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://www.cups.org/str.php?L920 | ||
Whiteboard: | B4 [glsa] vorlon | ||
Package list: | Runtime testing required: | --- |
Description
Matthias Geerdsen (RETIRED)
2004-10-06 02:54:30 UTC
printing herd, please patch/bump as needed fedora already patched (upgraded) packages http://secunia.com/advisories/12737/ applied the patch to cups-1.1.20-r3 and cups-1.1.21-r1 arches pls test and mark stable cups-1.1.20-r3: current KEYWORDS="x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64 ~ia64 ~s390 ~ppc64" target KEYWORDS="x86 ppc sparc mips alpha arm hppa amd64 ia64 s390 ppc64" __ cups-1.1.21-r1 already has current/target KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64 ~ia64 ~s390 ~ppc64" forgot to add ppc64, pls also test cups-1.1.20-r3 and mark stable if possible sparc stable. ppc stable Stable on alpha. arm/hppa/ia64/s390 is all set stable amd64 Ready for a GLSA decision. I would say one is needed, it discloses exploitable passwords to local users, and that's bad. GLSA needed. GLSA 200410-06 mips and ppc64 don't forget to mark stable to benefit from the GLSA already stable on ppc64, .. thanks! Stable on mips. |