Description: "heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c"
Patch: https://src.fedoraproject.org/rpms/cups/blob/c1920d09b842bd2d0611559d00d595abd8aa2424/f/cups-ppdopen-heap-overflow.patch
RH bug: https://bugzilla.redhat.com/show_bug.cgi?id=1823964
@maintainer(s), please apply the provided patch.
CVE-2019-8842 (https://nvd.nist.gov/vuln/detail/CVE-2019-8842): The ippReadIO function may under-read an extension.
Fixed in 2.3.3. Please bump.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e452ad1d49b71d242e05b8fe1fdb06e04879416
commit 9e452ad1d49b71d242e05b8fe1fdb06e04879416
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-04-28 09:58:50 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-04-28 09:59:10 +0000
    net-print/cups: Security bump to version 2.3.3
    CVE-2019-8842 and CVE-2020-3898
    Bug: https://bugs.gentoo.org/719048
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
 net-print/cups/Manifest | 1 +
 net-print/cups/cups-2.3.3.ebuild | 336 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 337 insertions(+)
Thanks!
Unable to check for sanity:
> no match for package: =net-print/cups-2.3.3
arm64 stable
sparc stable
hppa stable
ppc/ppc64 stable
amd64 stable
arm stable
x86 stable
s390 stable. Maintainer(s), please cleanup. Security, please vote.
@maintainer(s), ping, please cleanup
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bf8af8a203a61a4fe6fbe5e1a8d58a5db0cfb3e
commit 9bf8af8a203a61a4fe6fbe5e1a8d58a5db0cfb3e
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-06-20 01:37:16 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-20 01:38:53 +0000
    net-print/cups: drop vulnerable
    Bug: https://bugs.gentoo.org/719048
    Signed-off-by: Aaron Bauman <bman@gentoo.org>
 net-print/cups/Manifest | 2 -
 net-print/cups/cups-2.2.13.ebuild | 339 --------------------------------------
 net-print/cups/cups-2.3.1.ebuild | 336 -------------------------------------
 3 files changed, 677 deletions(-)