Bug#1053522: marked as done (bullseye-pu: cups/2.3.3op2-3+deb11u6)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sat, 07 Oct 2023 12:41:28 +0100
with message-id <84bb5ff8312f749ebe536897993782bf35aa1977.camel@adam-barratt.org.uk>
and subject line Closing opu requests for updates included in 11.8
has caused the Debian Bug report #1053522,
regarding bullseye-pu: cups/2.3.3op2-3+deb11u6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1053522: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053522
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: bullseye-pu: cups/2.3.3op2-3+deb11u6
• From: Thorsten Alteholz <debian@alteholz.de>
• Date: Thu, 5 Oct 2023 15:16:24 +0000 (UTC)
• Message-id: <[🔎] alpine.DEB.2.21.2310051514500.21545@postfach.intern.alteholz.me>

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu


After uploading the fix for CVE-2023-4504 and CVE-2023-32360 to Buster I
got some complaints:
 - the mentioned filename of the cupsd configuration contained a typo
   and several users were unsure what to do now ...
 - ... especially as the contents of debian/NEWS was also shown on
   computers where only cups client was installed.

So this upload fixes the typo and removes debian/NEWS again, so that the
text is only shown when cups-daemon will be updated.

I know it is rather late for this, but maybe this makes things easier for
our users.

  Thorsten

diff -Nru cups-2.3.3op2/debian/changelog cups-2.3.3op2/debian/changelog
--- cups-2.3.3op2/debian/changelog	2023-09-29 21:20:27.000000000 +0200
+++ cups-2.3.3op2/debian/changelog	2023-10-05 16:35:27.000000000 +0200
@@ -1,3 +1,11 @@
+cups (2.3.3op2-3+deb11u6) bullseye; urgency=medium
+
+  * remove debian/NEWS again to avoid too much information when only
+    the client part is installed
+  * fix typo in config filename
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Thu, 05 Oct 2023 16:35:27 +0200
+
 cups (2.3.3op2-3+deb11u5) bullseye; urgency=medium
 
   * move debian/NEWS.Debian to debian/NEWS
diff -Nru cups-2.3.3op2/debian/cups-daemon.NEWS cups-2.3.3op2/debian/cups-daemon.NEWS
--- cups-2.3.3op2/debian/cups-daemon.NEWS	2023-09-29 21:20:27.000000000 +0200
+++ cups-2.3.3op2/debian/cups-daemon.NEWS	2023-10-05 16:35:27.000000000 +0200
@@ -4,7 +4,7 @@
   unauthorized users to fetch documents over local or remote networks.
   Since this is a configuration fix, it might be that it does not reach you if you
   are updating 'cups-daemon' (rather than doing a fresh installation).
-  Please double check your /etc/cups/cupds.conf file, whether it limits the access
+  Please double check your /etc/cups/cupsd.conf file, whether it limits the access
   to CUPS-Get-Document with something like the following
   >  <Limit CUPS-Get-Document>
   >    AuthType Default
diff -Nru cups-2.3.3op2/debian/NEWS cups-2.3.3op2/debian/NEWS
--- cups-2.3.3op2/debian/NEWS	2023-09-29 21:20:27.000000000 +0200
+++ cups-2.3.3op2/debian/NEWS	1970-01-01 01:00:00.000000000 +0100
@@ -1,16 +0,0 @@
-cups (2.3.3op2-3+deb11u5) bullseye; urgency=medium
-
-  This release addresses a security issue (CVE-2023-32360) which allows
-  unauthorized users to fetch documents over local or remote networks.
-  Since this is a configuration fix, it might be that it does not reach you if you
-  are updating 'cups-daemon' (rather than doing a fresh installation).
-  Please double check your /etc/cups/cupds.conf file, whether it limits the access
-  to CUPS-Get-Document with something like the following
-  >  <Limit CUPS-Get-Document>
-  >    AuthType Default
-  >    Require user @OWNER @SYSTEM
-  >    Order deny,allow
-  >   </Limit>
-  (The important line is the 'AuthType Default' in this section)
-
- -- Thorsten Alteholz <debian@alteholz.de>  Tue, 19 Sep 2023 21:20:27 +0200

--- End Message ---

--- Begin Message ---

• To: 1007787-done@bugs.debian.org, 1007950-done@bugs.debian.org, 1013893-done@bugs.debian.org, 1028992-done@bugs.debian.org, 1032299-done@bugs.debian.org, 1034510-done@bugs.debian.org, 1034713-done@bugs.debian.org, 1034714-done@bugs.debian.org, 1034736-done@bugs.debian.org, 1035046-done@bugs.debian.org, 1035059-done@bugs.debian.org, 1035105-done@bugs.debian.org, 1035304-done@bugs.debian.org, 1035311-done@bugs.debian.org, 1035464-done@bugs.debian.org, 1035475-done@bugs.debian.org, 1035522-done@bugs.debian.org, 1035683-done@bugs.debian.org, 1035924-done@bugs.debian.org, 1036043-done@bugs.debian.org, 1036044-done@bugs.debian.org, 1036046-done@bugs.debian.org, 1036182-done@bugs.debian.org, 1036240-done@bugs.debian.org, 1036300-done@bugs.debian.org, 1036314-done@bugs.debian.org, 1036797-done@bugs.debian.org, 1036811-done@bugs.debian.org, 1036976-done@bugs.debian.org, 1037054-done@bugs.debian.org, 1037175-done@bugs.debian.org, 1037182-done@bugs.debian.org, 1037187-done@bugs.debian.org, 1037196-done@bugs.debian.org, 1037214-done@bugs.debian.org, 1037236-done@bugs.debian.org, 1038153-done@bugs.debian.org, 1038451-done@bugs.debian.org, 1038813-done@bugs.debian.org, 1038943-done@bugs.debian.org, 1039020-done@bugs.debian.org, 1039040-done@bugs.debian.org, 1039470-done@bugs.debian.org, 1039708-done@bugs.debian.org, 1039738-done@bugs.debian.org, 1039854-done@bugs.debian.org, 1039860-done@bugs.debian.org, 1039994-done@bugs.debian.org, 1040137-done@bugs.debian.org, 1040668-done@bugs.debian.org, 1040677-done@bugs.debian.org, 1040758-done@bugs.debian.org, 1040865-done@bugs.debian.org, 1040930-done@bugs.debian.org, 1040950-done@bugs.debian.org, 1041397-done@bugs.debian.org, 1041475-done@bugs.debian.org, 1042057-done@bugs.debian.org, 1043270-done@bugs.debian.org, 1049374-done@bugs.debian.org, 1050044-done@bugs.debian.org, 1050119-done@bugs.debian.org, 1050121-done@bugs.debian.org, 1050332-done@bugs.debian.org, 1050333-done@bugs.debian.org, 1050538-done@bugs.debian.org, 1050573-done@bugs.debian.org, 1050638-done@bugs.debian.org, 1051051-done@bugs.debian.org, 1051339-done@bugs.debian.org, 1051508-done@bugs.debian.org, 1051884-done@bugs.debian.org, 1051902-done@bugs.debian.org, 1051937-done@bugs.debian.org, 1052027-done@bugs.debian.org, 1052082-done@bugs.debian.org, 1052150-done@bugs.debian.org, 1052222-done@bugs.debian.org, 1052288-done@bugs.debian.org, 1052363-done@bugs.debian.org, 1052402-done@bugs.debian.org, 1052420-done@bugs.debian.org, 1052552-done@bugs.debian.org, 1052611-done@bugs.debian.org, 1053177-done@bugs.debian.org, 1053220-done@bugs.debian.org, 1053240-done@bugs.debian.org, 1053270-done@bugs.debian.org, 1053271-done@bugs.debian.org, 1053290-done@bugs.debian.org, 1053522-done@bugs.debian.org
• Subject: Closing opu requests for updates included in 11.8
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Sat, 07 Oct 2023 12:41:28 +0100
• Message-id: <84bb5ff8312f749ebe536897993782bf35aa1977.camel@adam-barratt.org.uk>

Package: release.debian.org
Version: 11.8

Hi,

The updates referred to by each of these requests were included in
today's 11.8 bullseye point release.

Regards,

Adam

--- End Message ---