[Pkg-hpijs-devel] Bug#635549: Stable update of hplip for CVE-2011-2722 (#635549) ?
Didier Raboud
odyx at debian.org
Fri Nov 25 13:58:55 UTC 2011
Dear Release Team,
after taking a closer look to #635549 and an IRC chat with the Security
people, I propose to upload hplip to stable with the following changelog
entry:
hplip (3.10.6-2+squeeze0) stable; urgency=low
* Fix CVE-2011-2722 "Insecure tempfile handling" by patching the culprit
code out. (Closes: #635549)
-- Didier Raboud <odyx at debian.org> Fri, 25 Nov 2011 14:53:50 +0100
Debdiff and dpatch are attached; please comment.
Cheers,
--
OdyX
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hplip_3.10.6-2+squeeze0.debdiff
Type: text/x-patch
Size: 2377 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-hpijs-devel/attachments/20111125/75fa960b/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2011-2722.dpatch
Type: application/x-shellscript
Size: 1481 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-hpijs-devel/attachments/20111125/75fa960b/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-hpijs-devel/attachments/20111125/75fa960b/attachment.pgp>
More information about the Pkg-hpijs-devel
mailing list