Several cross-site scripting (XSS) flaws were found in the way CUPS web
server interface used to process HTML form(s) content. A remote attacker
could provide a specially-crafted HTML page(s), which once visited, by
a local, unsuspecting user could lead to intended client-side security
mechanisms bypass or, potentially, to injecting of malicious scripts into
web pages, processed by CUPS web interface.
Aaron Sigel of Apple Product Security
Stabilize =net-print/cups-1.3.11-r1 which has the security patches provided by upstream applied.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
*** Bug 287480 has been marked as a duplicate of this bug. ***
Stable on alpha.
Stable for HPPA.
GLSA vote: no.
no too, closing