[Pkg-hpijs-devel] Bug#635549: #635549: Two hplip security issues
Didier Raboud
odyx at debian.org
Fri Nov 25 13:43:49 UTC 2011
Le vendredi, 25 novembre 2011 12.22:24, Didier Raboud a écrit :
> > Le mardi, 26 juillet 2011 23.07:01, Moritz Muehlenhoff a écrit :
> > >
> > > 1. Shell command injection in foomatic-rip-hplip:
> > > https://bugzilla.novell.com/show_bug.cgi?id=698451
> > > This is CVE-2011-2697
> >
> > As far as I can see, the culprit file is foomatic-rip-hplip, which is
> > only shipped in hplip-ppds, and only in stable; testing and unstable
> > versions rely on the fixed foomatic-rip from the foomatic-filters
> > package.
> usr/lib/cups/filter/foomatic-rip-hplip (supposedly culprit file) is already
> a symlink to usr/lib/cups/filter/foomatic-rip in the stable package. So
> this CVE doesn't affect any version bigger than what is in stable
And foomatic-rip-hplip is not in oldstable either, so it seems CVE-2011-2697
doesn't affect any currently released hplip.
Cheers,
--
OdyX
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-hpijs-devel/attachments/20111125/ae6554fd/attachment.pgp>
More information about the Pkg-hpijs-devel
mailing list