[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1053523: marked as done (bookworm-pu: cups/2.4.2-3+deb12u4)

Your message dated Sat, 07 Oct 2023 09:59:43 +0000
with message-id <E1qp463-00A4K5-Tu@coccia.debian.org>
and subject line Released with 12.2
has caused the Debian Bug report #1053523,
regarding bookworm-pu: cups/2.4.2-3+deb12u4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1053523: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053523
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
After uploading the fix for CVE-2023-4504 and CVE-2023-32360 to Buster I got some complaints: 
 - the mentioned filename of the cupsd configuration contained a typo
   and several users were unsure what to do now ...
 - ... especially as the contents of debian/NEWS was also shown on
   computers where only cups client was installed.
So this upload fixes the typo and removes debian/NEWS again, so that the text is only shown when cups-daemon will be updated.
I know it is rather late for this, but maybe this makes things easier for our users. 

  Thorsten

diff -Nru cups-2.4.2/debian/changelog cups-2.4.2/debian/changelog
--- cups-2.4.2/debian/changelog	2023-09-29 21:20:27.000000000 +0200
+++ cups-2.4.2/debian/changelog	2023-10-05 16:35:27.000000000 +0200
@@ -1,3 +1,11 @@
+cups (2.4.2-3+deb12u4) bookworm; urgency=medium
+
+  * remove debian/NEWS again to avoid too much information when only
+    the client part is installed
+  * fix typo in config filename
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Thu, 05 Oct 2023 16:35:27 +0200
+
 cups (2.4.2-3+deb12u3) bookworm; urgency=medium
 
   * move debian/NEWS.Debian to debian/NEWS
diff -Nru cups-2.4.2/debian/cups-daemon.NEWS cups-2.4.2/debian/cups-daemon.NEWS
--- cups-2.4.2/debian/cups-daemon.NEWS	2023-09-29 21:20:27.000000000 +0200
+++ cups-2.4.2/debian/cups-daemon.NEWS	2023-10-05 16:35:27.000000000 +0200
@@ -4,7 +4,7 @@
   unauthorized users to fetch documents over local or remote networks.
   Since this is a configuration fix, it might be that it does not reach you if you
   are updating 'cups-daemon' (rather than doing a fresh installation).
-  Please double check your /etc/cups/cupds.conf file, whether it limits the access
+  Please double check your /etc/cups/cupsd.conf file, whether it limits the access
   to CUPS-Get-Document with something like the following
   >  <Limit CUPS-Get-Document>
   >    AuthType Default
diff -Nru cups-2.4.2/debian/NEWS cups-2.4.2/debian/NEWS
--- cups-2.4.2/debian/NEWS	2023-09-29 21:20:27.000000000 +0200
+++ cups-2.4.2/debian/NEWS	1970-01-01 01:00:00.000000000 +0100
@@ -1,16 +0,0 @@
-cups (2.4.2-3+deb12u3) bookworm; urgency=medium
-
-  This release addresses a security issue (CVE-2023-32360) which allows
-  unauthorized users to fetch documents over local or remote networks.
-  Since this is a configuration fix, it might be that it does not reach you if you
-  are updating 'cups-daemon' (rather than doing a fresh installation).
-  Please double check your /etc/cups/cupds.conf file, whether it limits the access
-  to CUPS-Get-Document with something like the following
-  >  <Limit CUPS-Get-Document>
-  >    AuthType Default
-  >    Require user @OWNER @SYSTEM
-  >    Order deny,allow
-  >   </Limit>
-  (The important line is the 'AuthType Default' in this section)
-
- -- Thorsten Alteholz <debian@alteholz.de>  Tue, 19 Sep 2023 21:20:27 +0200

--- End Message ---
--- Begin Message --- 
Version: 12.2

The upload requested in this bug has been released as part of 12.2.

--- End Message ---
Reply to: