Your message dated Sat, 07 Oct 2023 12:41:28 +0100 with message-id <84bb5ff8312f749ebe536897993782bf35aa1977.camel@adam-barratt.org.uk> and subject line Closing opu requests for updates included in 11.8 has caused the Debian Bug report #1053522, regarding bullseye-pu: cups/2.3.3op2-3+deb11u6 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1053522: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053522 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: bullseye-pu: cups/2.3.3op2-3+deb11u6
- From: Thorsten Alteholz <debian@alteholz.de>
- Date: Thu, 5 Oct 2023 15:16:24 +0000 (UTC)
- Message-id: <[🔎] alpine.DEB.2.21.2310051514500.21545@postfach.intern.alteholz.me>
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian.org@packages.debian.org Usertags: pu After uploading the fix for CVE-2023-4504 and CVE-2023-32360 to Buster I got some complaints: - the mentioned filename of the cupsd configuration contained a typo and several users were unsure what to do now ... - ... especially as the contents of debian/NEWS was also shown on computers where only cups client was installed. So this upload fixes the typo and removes debian/NEWS again, so that the text is only shown when cups-daemon will be updated. I know it is rather late for this, but maybe this makes things easier for our users. Thorstendiff -Nru cups-2.3.3op2/debian/changelog cups-2.3.3op2/debian/changelog --- cups-2.3.3op2/debian/changelog 2023-09-29 21:20:27.000000000 +0200 +++ cups-2.3.3op2/debian/changelog 2023-10-05 16:35:27.000000000 +0200 @@ -1,3 +1,11 @@ +cups (2.3.3op2-3+deb11u6) bullseye; urgency=medium + + * remove debian/NEWS again to avoid too much information when only + the client part is installed + * fix typo in config filename + + -- Thorsten Alteholz <debian@alteholz.de> Thu, 05 Oct 2023 16:35:27 +0200 + cups (2.3.3op2-3+deb11u5) bullseye; urgency=medium * move debian/NEWS.Debian to debian/NEWS diff -Nru cups-2.3.3op2/debian/cups-daemon.NEWS cups-2.3.3op2/debian/cups-daemon.NEWS --- cups-2.3.3op2/debian/cups-daemon.NEWS 2023-09-29 21:20:27.000000000 +0200 +++ cups-2.3.3op2/debian/cups-daemon.NEWS 2023-10-05 16:35:27.000000000 +0200 @@ -4,7 +4,7 @@ unauthorized users to fetch documents over local or remote networks. Since this is a configuration fix, it might be that it does not reach you if you are updating 'cups-daemon' (rather than doing a fresh installation). - Please double check your /etc/cups/cupds.conf file, whether it limits the access + Please double check your /etc/cups/cupsd.conf file, whether it limits the access to CUPS-Get-Document with something like the following > <Limit CUPS-Get-Document> > AuthType Default diff -Nru cups-2.3.3op2/debian/NEWS cups-2.3.3op2/debian/NEWS --- cups-2.3.3op2/debian/NEWS 2023-09-29 21:20:27.000000000 +0200 +++ cups-2.3.3op2/debian/NEWS 1970-01-01 01:00:00.000000000 +0100 @@ -1,16 +0,0 @@ -cups (2.3.3op2-3+deb11u5) bullseye; urgency=medium - - This release addresses a security issue (CVE-2023-32360) which allows - unauthorized users to fetch documents over local or remote networks. - Since this is a configuration fix, it might be that it does not reach you if you - are updating 'cups-daemon' (rather than doing a fresh installation). - Please double check your /etc/cups/cupds.conf file, whether it limits the access - to CUPS-Get-Document with something like the following - > <Limit CUPS-Get-Document> - > AuthType Default - > Require user @OWNER @SYSTEM - > Order deny,allow - > </Limit> - (The important line is the 'AuthType Default' in this section) - - -- Thorsten Alteholz <debian@alteholz.de> Tue, 19 Sep 2023 21:20:27 +0200
--- End Message ---
--- Begin Message ---
- To: 1007787-done@bugs.debian.org, 1007950-done@bugs.debian.org, 1013893-done@bugs.debian.org, 1028992-done@bugs.debian.org, 1032299-done@bugs.debian.org, 1034510-done@bugs.debian.org, 1034713-done@bugs.debian.org, 1034714-done@bugs.debian.org, 1034736-done@bugs.debian.org, 1035046-done@bugs.debian.org, 1035059-done@bugs.debian.org, 1035105-done@bugs.debian.org, 1035304-done@bugs.debian.org, 1035311-done@bugs.debian.org, 1035464-done@bugs.debian.org, 1035475-done@bugs.debian.org, 1035522-done@bugs.debian.org, 1035683-done@bugs.debian.org, 1035924-done@bugs.debian.org, 1036043-done@bugs.debian.org, 1036044-done@bugs.debian.org, 1036046-done@bugs.debian.org, 1036182-done@bugs.debian.org, 1036240-done@bugs.debian.org, 1036300-done@bugs.debian.org, 1036314-done@bugs.debian.org, 1036797-done@bugs.debian.org, 1036811-done@bugs.debian.org, 1036976-done@bugs.debian.org, 1037054-done@bugs.debian.org, 1037175-done@bugs.debian.org, 1037182-done@bugs.debian.org, 1037187-done@bugs.debian.org, 1037196-done@bugs.debian.org, 1037214-done@bugs.debian.org, 1037236-done@bugs.debian.org, 1038153-done@bugs.debian.org, 1038451-done@bugs.debian.org, 1038813-done@bugs.debian.org, 1038943-done@bugs.debian.org, 1039020-done@bugs.debian.org, 1039040-done@bugs.debian.org, 1039470-done@bugs.debian.org, 1039708-done@bugs.debian.org, 1039738-done@bugs.debian.org, 1039854-done@bugs.debian.org, 1039860-done@bugs.debian.org, 1039994-done@bugs.debian.org, 1040137-done@bugs.debian.org, 1040668-done@bugs.debian.org, 1040677-done@bugs.debian.org, 1040758-done@bugs.debian.org, 1040865-done@bugs.debian.org, 1040930-done@bugs.debian.org, 1040950-done@bugs.debian.org, 1041397-done@bugs.debian.org, 1041475-done@bugs.debian.org, 1042057-done@bugs.debian.org, 1043270-done@bugs.debian.org, 1049374-done@bugs.debian.org, 1050044-done@bugs.debian.org, 1050119-done@bugs.debian.org, 1050121-done@bugs.debian.org, 1050332-done@bugs.debian.org, 1050333-done@bugs.debian.org, 1050538-done@bugs.debian.org, 1050573-done@bugs.debian.org, 1050638-done@bugs.debian.org, 1051051-done@bugs.debian.org, 1051339-done@bugs.debian.org, 1051508-done@bugs.debian.org, 1051884-done@bugs.debian.org, 1051902-done@bugs.debian.org, 1051937-done@bugs.debian.org, 1052027-done@bugs.debian.org, 1052082-done@bugs.debian.org, 1052150-done@bugs.debian.org, 1052222-done@bugs.debian.org, 1052288-done@bugs.debian.org, 1052363-done@bugs.debian.org, 1052402-done@bugs.debian.org, 1052420-done@bugs.debian.org, 1052552-done@bugs.debian.org, 1052611-done@bugs.debian.org, 1053177-done@bugs.debian.org, 1053220-done@bugs.debian.org, 1053240-done@bugs.debian.org, 1053270-done@bugs.debian.org, 1053271-done@bugs.debian.org, 1053290-done@bugs.debian.org, 1053522-done@bugs.debian.org
- Subject: Closing opu requests for updates included in 11.8
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 07 Oct 2023 12:41:28 +0100
- Message-id: <84bb5ff8312f749ebe536897993782bf35aa1977.camel@adam-barratt.org.uk>
Package: release.debian.org Version: 11.8 Hi, The updates referred to by each of these requests were included in today's 11.8 bullseye point release. Regards, Adam
--- End Message ---