[Pkg-hpijs-devel] Bug#635549: #635549: Two hplip security issues
odyx at debian.org
Fri Nov 25 11:22:24 UTC 2011
Le vendredi, 25 novembre 2011 12.16:06, Didier Raboud a écrit :
> found 635549 3.10.6-2
> notfound 635549 3.11.10
> Hi Moritz,
> Le mardi, 26 juillet 2011 23.07:01, Moritz Muehlenhoff a écrit :
> > Two security issues have been reported in hplip:
> > 1. Shell command injection in foomatic-rip-hplip:
> > https://bugzilla.novell.com/show_bug.cgi?id=698451
> > This is CVE-2011-2697
> As far as I can see, the culprit file is foomatic-rip-hplip, which is only
> shipped in hplip-ppds, and only in stable; testing and unstable versions
> rely on the fixed foomatic-rip from the foomatic-filters package.
usr/lib/cups/filter/foomatic-rip-hplip (supposedly culprit file) is already a
symlink to usr/lib/cups/filter/foomatic-rip in the stable package. So this CVE
doesn't affect any version bigger than what is in stable
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 665 bytes
Desc: This is a digitally signed message part.
More information about the Pkg-hpijs-devel