[Pkg-cups-devel] squeeze update of cups?
Didier 'OdyX' Raboud
odyx at debian.org
Wed Mar 4 21:25:12 UTC 2015
Le vendredi, 27 février 2015, 04.39:08 Ben Hutchings a écrit :
> On Fri, 2015-02-27 at 03:17 +0000, Ben Hutchings wrote:
> > This does not fix the bug!
>
> I cherry-picked git commit 6c087a72a0708bcb7929955c75770ee364755c42
> ("Add some range checking (probably more to come) to avoid divide-by-0
> errors."), after which the critical hunk of the patch for
> CVE-2014-9679 applied cleanly. With Didier's original patch,
>
> zcat bogus.raster.gz | rastertohp foo bar baz 1 ''
>
> still crashes (segmentation fault). With the two patches applied, it
> fails cleanly (no pages found). I was still able to print a test page
> (though I'm not certain that this uses the raster filter code in my
> configuration).
>
> So I've uploaded with those two patches applied.
Thanks! I've now updated the VCS with your patches.
http://anonscm.debian.org/cgit/printing/cups.git/log/?h=master-squeeze-lts
OdyX
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-cups-devel/attachments/20150304/784590b1/attachment.sig>
More information about the Pkg-cups-devel
mailing list