-
cups (2.4.2-1ubuntu2.2) kinetic-security; urgency=medium
* SECURITY UPDATE: use-after-free in cupsdAcceptClient()
- debian/patches/CVE-2023-34241.patch: log result of httpGetHostname
BEFORE closing the connection in scheduler/client.c.
- CVE-2023-34241
-- Marc Deslauriers <email address hidden> Tue, 13 Jun 2023 08:16:59 -0400
-
cups (2.4.2-1ubuntu2.1) kinetic-security; urgency=medium
* SECURITY UPDATE: DoS via buffer overflow in format_log_line
- debian/patches/CVE-2023-32324.patch: check _cups_strlcpy size in
cups/string.c.
- CVE-2023-32324
-- Marc Deslauriers <email address hidden> Thu, 25 May 2023 08:42:29 -0400
-
cups (2.4.2-1ubuntu2) kinetic; urgency=medium
* Add patch to build with snapd-glib-2
-- Jeremy Bicha <email address hidden> Thu, 25 Aug 2022 21:54:33 -0400
-
cups (2.4.2-1ubuntu1) kinetic; urgency=low
* Merge from Debian unstable. Remaining changes:
- Added "--enable-snapped-clients" to the "./configure" options to use
the correct Snap mediation mode for an unsnapped cupsd, like provided
by this package.
- In the AppArmor profile allow CUPS to access (/var)/run/snapd.socket
to allow cupsd to determine which interfaces a snapped client
is plugging.
- Build-depend on libapparmor-dev, libsnapd-glib-dev, needed for
Snap mediation.
- Added fully automatic generation of PPD option setting presets to
be applied depending on the settings of the job IPP attributes
"print-color-mode", "print-quality", and "print-content-optimize".
This allows easy control of any printer with only standard IPP
attributes, as for example from a phone (functionality overtaken
from cups-filters, mot (yet) upstream in CUPS).
- Fixed printing on temporary CUPS queues for local services, like
IPP-over-USB or Printer Applications. Especially when printing from
the GTK print dialog printing on such queues did not work (Upstream
pull request #353, LP: #1965112).
- Comment in CVE-2022-26691 patch fixed.
-- Till Kamppeter <email address hidden> Mon, 06 Jun 2022 20:20:31 +0200
-
cups (2.4.1op1-1ubuntu5) kinetic; urgency=medium
* SECURITY UPDATE: Local authorization cert bypass
- debian/patches/CVE-2022-26691-1.patch: fix string comparison in
scheduler/cert.c.
- debian/patches/CVE-2022-26691-2.patch: fix the comment in
scheduler/cert.c.
- CVE-2022-26691
-- Marc Deslauriers <email address hidden> Fri, 27 May 2022 07:53:01 -0400
-
cups (2.4.1op1-1ubuntu4) jammy; urgency=low
* Fixed PPD file auto-generation when a print queue is created with
a DNS-SD-service-name-based URI and "-m everywhere" backporting the
fix from upstream (Upstream issue #340, #343).
-- Till Kamppeter <email address hidden> Sat, 19 Mar 2022 00:07:00 +0100
