| Summary: | <net-print/cups-filters-1.28.17-r2: RCE via beh filter | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | printing |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x | | |
| Whiteboard: | B1 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 907063 | | |
| Bug Blocks: | | | |

Description
Hanno Böck
2023-05-22 13:17:34 UTC
You can pull the backported patch from Debian, if you want to.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c29811eb73520dcfab06a38a184c8f4bf358793

commit 2c29811eb73520dcfab06a38a184c8f4bf358793
Author: Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2023-05-24 08:01:57 +0000
Commit: Matthias Maier <tamiko@gentoo.org>
CommitDate: 2023-05-24 08:04:46 +0000

    net-print/cups-filters: drop 1.28.15-r1, 1.28.16-r3, 1.28.17-r1

    Bug: https://bugs.gentoo.org/906944
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 net-print/cups-filters/Manifest | 2 -
 .../cups-filters/cups-filters-1.28.15-r1.ebuild | 130 ------------------
 .../cups-filters/cups-filters-1.28.16-r3.ebuild | 144 --------------------
 .../cups-filters/cups-filters-1.28.17-r1.ebuild | 149 ---------------------
 4 files changed, 425 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8827cf3d0bb159273e683698824d4572882af9e

commit d8827cf3d0bb159273e683698824d4572882af9e
Author: Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2023-05-24 08:00:01 +0000
Commit: Matthias Maier <tamiko@gentoo.org>
CommitDate: 2023-05-24 08:04:46 +0000

    net-print/cups-filters: apply patch for CVE-2023-24805

    Bug: https://bugs.gentoo.org/906944
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 .../cups-filters/cups-filters-1.28.17-r2.ebuild | 150 ++++++++++++++
 .../cups-filters-1.28.17-CVE-2023-24805.patch | 225 +++++++++++++++++++++
 2 files changed, 375 insertions(+)

Ping. Can vulnerable version 1.28.17 be removed?
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=776d18384108722f0d7f23ff86807acd7150ec79

commit 776d18384108722f0d7f23ff86807acd7150ec79
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-12-22 01:22:51 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2023-12-22 01:27:22 +0000

    net-print/cups-filters: drop 1.28.17

    Bug: https://bugs.gentoo.org/906944
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-print/cups-filters/cups-filters-1.28.17.ebuild | 147 ---------------------
 1 file changed, 147 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=13307cb5778acc25f47ab91c29f839443f3a4cf8

commit 13307cb5778acc25f47ab91c29f839443f3a4cf8
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-05 14:26:44 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-05 14:27:10 +0000

    [ GLSA 202401-06 ] CUPS filters: Remote Code Execution

    Bug: https://bugs.gentoo.org/906944
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-06.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)