[Pkg-hpijs-devel] Bug#635549: #635549: Two hplip security issues

Didier Raboud odyx at debian.org
Fri Nov 25 11:16:06 UTC 2011


found 635549 3.10.6-2
notfound 635549 3.11.10
thanks

Hi Moritz,

On Tuesday, 26 July 2011 23.07:01, Moritz Muehlenhoff wrote:
> 
> Two security issues have been reported in hplip:
> 
> 1. Shell command injection in foomatic-rip-hplip:
> https://bugzilla.novell.com/show_bug.cgi?id=698451
> This is CVE-2011-2697

As far as I can see, the culprit file is foomatic-rip-hplip, which is only 
shipped in hplip-ppds, and only in stable; testing and unstable versions rely 
on the fixed foomatic-rip from the foomatic-filters package.

> 2. Insecure tempfile handling:
> https://bugzilla.novell.com/show_bug.cgi?id=704608
> https://bugs.launchpad.net/hplip/+bug/809904
> This is CVE-2011-2722

This seems to be fixed in 3.11.10, hence again, only stable is affected.

> This should be fixed in a DSA, could you prepare updated
> packages?

I will try to, but would be happier if the HPLIP team could do this security 
upload themselves (4 months without a single response; meh).

Cheers,

--
OdyX