Bug 293865 (CVE-2009-2820) - <net-print/cups-1.3.11-r1 Several XSS flaws in forms processed by CUPS web interface (CVE-2009-2820)
Alias: CVE-2009-2820
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: A4 [noglsa]
Duplicates: 287480
Reported: 2009-11-20 16:53 UTC by Timo Gurr (RETIRED)
Modified: 2009-12-18 08:17 UTC
Description Timo Gurr (RETIRED) gentoo-dev 2009-11-20 16:53:41 UTC
Several cross-site scripting (XSS) flaws were found in the way the CUPS web
server interface processed HTML form(s) content. A remote attacker
could provide specially crafted HTML page(s) which, once visited by
a local, unsuspecting user, could lead to a bypass of intended client-side
security mechanisms or, potentially, to the injection of malicious scripts into
web pages processed by the CUPS web interface.

Aaron Sigel of Apple Product Security

Suggestion (tgurr):
Stabilize =net-print/cups-1.3.11-r1 which has the security patches provided by upstream applied.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-20 17:02:59 UTC
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 2 Timo Gurr (RETIRED) gentoo-dev 2009-11-20 17:04:05 UTC
*** Bug 287480 has been marked as a duplicate of this bug. ***
Comment 3 nixnut (RETIRED) gentoo-dev 2009-11-21 19:35:57 UTC
ppc stable
Comment 4 Tobias Klausmann (RETIRED) gentoo-dev 2009-11-22 11:47:57 UTC
Stable on alpha.
Comment 5 Markus Meier gentoo-dev 2009-11-23 13:25:05 UTC
amd64/arm/x86 stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2009-11-23 15:54:49 UTC
ia64/m68k/s390/sh/sparc stable 
Comment 7 Brent Baude (RETIRED) gentoo-dev 2009-11-23 17:16:19 UTC
ppc64 done
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2009-11-24 04:02:33 UTC
Stable for HPPA.
Comment 9 Stefan Behte (RETIRED) gentoo-dev Security 2009-12-18 02:09:24 UTC
GLSA vote: no.
Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-12-18 08:17:29 UTC
no too, closing