[Pkg-hpijs-devel] Bug#635549: #635549: Two hplip security issues
Didier Raboud
odyx at debian.org
Fri Nov 25 13:04:44 UTC 2011
Le vendredi, 25 novembre 2011 12.16:06, Didier Raboud a écrit :
> >
> > 2. Insecure tempfile handling:
> > https://bugzilla.novell.com/show_bug.cgi?id=704608
> > https://bugs.launchpad.net/hplip/+bug/809904
> > This is CVE-2011-2722
>
> This seems to be fixed in 3.11.10, hence again, only stable is affected.
The attached dpatch against the version currently in stable does fix that bug.
As for oldstable, I couldn't find any occurence of this bug in the source
code.
Cheers,
OdyX
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2011-2722.dpatch
Type: application/x-shellscript
Size: 1480 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-hpijs-devel/attachments/20111125/ebe7c810/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-hpijs-devel/attachments/20111125/ebe7c810/attachment-0001.pgp>
More information about the Pkg-hpijs-devel
mailing list