tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Fix for print/cups15 CERT VU #810572/CVE-2015-1158/CVE-2015-1159



Edgar Fuß <ef%math.uni-bonn.de@localhost> writes:

> Is someone working on the recent CUPS vulnerabilities?

Apparently not :(

> My impression is that applying
> 	https://www.cups.org/strfiles.php/3482/str4609-1.5.patch
> would fix print/cups15, while print/cups could be updated from 2.0.2
> to 2.0.3.

wiz just did 2.0.3, based on a PR by Leonardo Taccari.

> Is this (for 2014Q4) the correct way of fixing print/cups15?

Looks good to me, so I applied it to cups15.  It would be good to hear
From soeone else who has looked into this enough to be sure that's right
and who has tested the new version.  Until them, I an hesitant to ask
for a pullup (and 2015Q1 stops getting updates on 7/1 anyway).



Really I'd like to get cups 2 in good enough shape that there is no
reason for anyone to want to run cups15....

Attachment: pgpu99ksZu2lB.pgp
Description: PGP signature



Home | Main Index | Thread Index | Old Index