Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 702826 (CVE-2019-2228) - <net-print/cups-2.2.13: ippSetValuetag function does not validate the default language value (CVE-2019-2228)
Summary: <net-print/cups-2.2.13: ippSetValuetag function does not validate the default...
Status: RESOLVED FIXED
Alias: CVE-2019-2228
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://github.com/apple/cups/release...
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-14 11:20 UTC by Lars Wendler (Polynomial-C) (RETIRED)
Modified: 2020-03-26 18:26 UTC (History)
1 user (show)

See Also:
Package list:
net-print/cups-2.2.13
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2019-12-14 11:20:58 UTC 
From their release notes:

CVE-2019-2228: The ippSetValuetag function did not validate the default language value.
Comment 1 Larry the Git Cow gentoo-dev 2019-12-14 11:26:53 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16b21623f1919a44dd48a7aa49271fd2b0260cb0

commit 16b21623f1919a44dd48a7aa49271fd2b0260cb0
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-12-14 11:26:26 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-12-14 11:26:47 +0000

    net-print/cups: Security bump to versions 2.2.13 and 2.3.1
    
    CVE-2019-2228
    
    Bug: https://bugs.gentoo.org/702826
    Package-Manager: Portage-2.3.81, Repoman-2.3.20
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-print/cups/Manifest           |   2 +
 net-print/cups/cups-2.2.13.ebuild | 339 ++++++++++++++++++++++++++++++++++++++
 net-print/cups/cups-2.3.1.ebuild  | 336 +++++++++++++++++++++++++++++++++++++
 3 files changed, 677 insertions(+)
Comment 2 Agostino Sarubbo gentoo-dev 2019-12-24 10:56:25 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2019-12-24 11:09:38 UTC 
x86 stable
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-12-24 14:00:00 UTC 
arm stable
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2019-12-24 19:25:41 UTC 
arm64 stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2019-12-25 21:01:34 UTC 
ia64 stable
Comment 7 Rolf Eike Beer archtester 2019-12-26 10:09:12 UTC 
hppa/sparc stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-12-31 14:17:56 UTC 
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2019-12-31 14:21:32 UTC 
ppc64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-01-03 13:27:02 UTC 
s390 stable
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-15 04:44:53 UTC 
@maintainer(s), ok to cleanup?
Comment 12 Larry the Git Cow gentoo-dev 2020-03-15 10:07:11 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3fc237966c64e2609473a403bfe4f6233314a03

commit b3fc237966c64e2609473a403bfe4f6233314a03
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-03-15 10:06:13 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-03-15 10:06:13 +0000

    net-print/cups: Security cleanup
    
    Bug: https://bugs.gentoo.org/702826
    Package-Manager: Portage-2.3.93, Repoman-2.3.20
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-print/cups/Manifest           |   2 -
 net-print/cups/cups-2.2.12.ebuild | 339 --------------------------------------
 net-print/cups/cups-2.3.0.ebuild  | 336 -------------------------------------
 3 files changed, 677 deletions(-)
Comment 13 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-26 18:26:51 UTC 
GLSA Vote: No

Repository is clean, all done!