CVE-2013-6891 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6891): lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. @maintainers: Please CC arches when ready to stable.
Please stabilize net-print/cups-1.7.1 Target: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Note that this needs to go togehter with / depends on bug 437654, since cups-1.7.1 depends on cups-filters-1.0.43
Stable for HPPA.
amd64 stable
x86 stable
ia64 stable
ppc stable
arm stable
alpha stable
ppc64 stable
sparc stable. Maintainer(s), please cleanup. Security, please vote.
Thanks for your work GLSA vote: no
GLSA vote: no. Closing as [noglsa].