See: http://www.heise-online.co.uk/security/Security-vulnerability-in-CUPS-Unix-print-service-fixed--/news/110455 and http://www.cups.org/str.php?L2729 http://www.cups.org/str.php?L2765
As far as I can see, both 1.2.12-r7 and 1.3.6-r3 are not affected by the flaws. Please reopen if you think otherwise. *** This bug has been marked as a duplicate of bug 214068 ***