Summary: | <net-print/cups-2.3.3: Multiple vulnerabilities (CVE-2019-8842, CVE-2020-3898) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | printing |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
=net-print/cups-2.3.3-r1 amd64 arm arm64 hppa ppc ppc64 s390 sparc x86
|
Runtime testing required: | --- |
Description
Sam James
2020-04-23 13:36:51 UTC
@maintainer(s), please apply the provided patch. CVE-2019-8842 (https://nvd.nist.gov/vuln/detail/CVE-2019-8842): The ippReadIO function may under-read an extension. Fixed in 2.3.3. Please bump. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e452ad1d49b71d242e05b8fe1fdb06e04879416 commit 9e452ad1d49b71d242e05b8fe1fdb06e04879416 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-04-28 09:58:50 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-04-28 09:59:10 +0000 net-print/cups: Security bump to version 2.3.3 CVE-2019-8842 and CVE-2020-3898 Bug: https://bugs.gentoo.org/719048 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> net-print/cups/Manifest | 1 + net-print/cups/cups-2.3.3.ebuild | 336 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 337 insertions(+) Thanks! Unable to check for sanity:
> no match for package: =net-print/cups-2.3.3
arm64 stable sparc stable hppa stable ppc/ppc64 stable amd64 stable arm stable x86 stable s390 stable. Maintainer(s), please cleanup. Security, please vote. @maintainer(s), ping, please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bf8af8a203a61a4fe6fbe5e1a8d58a5db0cfb3e commit 9bf8af8a203a61a4fe6fbe5e1a8d58a5db0cfb3e Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2020-06-20 01:37:16 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2020-06-20 01:38:53 +0000 net-print/cups: drop vulnerable Bug: https://bugs.gentoo.org/719048 Signed-off-by: Aaron Bauman <bman@gentoo.org> net-print/cups/Manifest | 2 - net-print/cups/cups-2.2.13.ebuild | 339 -------------------------------------- net-print/cups/cups-2.3.1.ebuild | 336 ------------------------------------- 3 files changed, 677 deletions(-) |