[SECURITY] [DLA 2237-1] cups security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2237-1] cups security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Sun, 7 Jun 2020 21:57:26 +0530
Message-id: <[🔎] 67111f50-644a-8e8c-8772-a78d01bcc336@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : cups
Version        : 1.7.5-11+deb8u8
CVE ID         : CVE-2019-8842 CVE-2020-3898


The following CVE(s) were reported against src:cups.

CVE-2019-8842

    The `ippReadIO` function may under-read an extension field.

CVE-2020-3898

    There was a heap based buffer overflow in libcups's
    ppdFindOption() in ppd-mark.c.
    The `ppdOpen` function did not handle invalid UI constraint.
    `ppdcSource::get_resolution` function did not handle invalid
    resolution strings.

For Debian 8 "Jessie", these problems have been fixed in version
1.7.5-11+deb8u8.

We recommend that you upgrade your cups packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl7dFWYACgkQgj6WdgbD
S5aQsg//ZXbv/VTGqUktLe5MxBv7w6doVzcosIliVOG6xdBmaYXLrAmJMcqo7YUv
ql96dFTMceUE1gLr7y0Zqt7TihSpxKMnjtFtVCduI2CjkktejmSCB3TrFS+iABjd
7rghoVESrlW4lBAKWXAPElIQp15EsLbqoK8OyAr37RTZcm0ejYeZMoGOEURt9EiD
s8kS21kBMLRb6DSrm3yr5Ivji/VFVZEDKLm4XuW6cMQjb9U9AQ86VM1q4YCVgd4/
a//nLJEv0SEgRjbs8psjzAmmeaF4s6nKjzxzqg9Ryhx0Luxt1uNhkNHydN7jhQpz
jchbjZ4rtKS2V+ZptH/hUpzhXOSS6sQ8tkZymJH/ISFVJA6MzbmObZFp8soq7bmA
ahyJAkfjCbvc5LHA5kItX68iWJPvz5jtby1LSPPDIdlEYSfC7ZtjxB/xYOGuezGm
LfpQCcUK7TTNIn/CEDcpYYnkDwZRd1UJAx8PYCa5wJ3HIFQtCBD8I3qkg21e0B+u
k2qKPKJduMNn15Uxc0MvGNwW52i6slsirJhtCjWCjaU72hlnFwk0kJ5XEX15aV1u
4kQihqUv9dMuQsgS8nHLRcE5Q/8HeXXxwcKODcYMrsoW6KLrVfBsIjIFFDt/TyWf
gkS47j2pII2VOL9MONEyujXCchtw2ZuqEoHK1+ln3xqQRMnoha4=
=U7cE
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2236-1] graphicsmagick security update
Next by Date: [SECURITY] [DLA 2238-1] libupnp security update
Previous by thread: [SECURITY] [DLA 2236-1] graphicsmagick security update
Next by thread: [SECURITY] [DLA 2238-1] libupnp security update
Index(es):
- Date
- Thread