Debian Bug report logs - #507183
cups: integer overflow via validation code in of the image size

version graph

Package: cups; Maintainer for cups is Debian Printing Team <debian-printing@lists.debian.org>; Source for cups is src:cups.

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Fri, 28 Nov 2008 22:03:01 UTC

Severity: grave

Tags: patch, security

Found in versions cups/1.3.8-1lenny3, cups/1.3.8-1lenny2

Fixed in versions cups/1.3.9-9, cups/1.3.8-1lenny4, cupsys/1.2.7-4etch6

Done: Steffen Joeris <white@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>:
Bug#507183; Package cups. (Fri, 28 Nov 2008 22:03:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>. (Fri, 28 Nov 2008 22:03:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: cups: integer overflow via validation code in of the image size
Date: Fri, 28 Nov 2008 22:58:15 +0100
Package: cups
Version: 1.3.8-1lenny3
Severity: grave
Tags: security, patch
Justification: user security hole

Hi Martin

Cups upstream just fixed another integer overflow[0], which was introduced
due to an incomplete fix for CVE-2008-1722. The upstream commit can be
found here[1]. A CVE id has been requested and I'll post it as soon as
it is available.

Cheers
Steffen

[0]: http://www.cups.org/str.php?L2974

[1]: http://www.cups.org/strfiles/2974/str2974.patch




Bug marked as found in version 1.3.8-1lenny2. Request was from Steffen Joeris <white@debian.org> to control@bugs.debian.org. (Sun, 30 Nov 2008 10:27:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>:
Bug#507183; Package cups. (Mon, 01 Dec 2008 15:03:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>. (Mon, 01 Dec 2008 15:03:07 GMT) Full text and rfc822 format available.

Message #12 received at 507183@bugs.debian.org (full text, mbox):

From: "Thijs Kinkhorst" <thijs@debian.org>
To: 507183@bugs.debian.org
Subject: this is CVE-2008-5286
Date: Mon, 1 Dec 2008 16:00:02 +0100 (CET)
Hi,

This is CVE-2008-5286. Please mention it in any changelogs.


thanks,
Thijs





Tags added: pending Request was from Martin Pitt <martin.pitt@ubuntu.com> to control@bugs.debian.org. (Mon, 01 Dec 2008 23:09:05 GMT) Full text and rfc822 format available.

Reply sent to Martin Pitt <mpitt@debian.org>:
You have taken responsibility. (Tue, 02 Dec 2008 00:33:04 GMT) Full text and rfc822 format available.

Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Tue, 02 Dec 2008 00:33:06 GMT) Full text and rfc822 format available.

Message #19 received at 507183-close@bugs.debian.org (full text, mbox):

From: Martin Pitt <mpitt@debian.org>
To: 507183-close@bugs.debian.org
Subject: Bug#507183: fixed in cups 1.3.9-9
Date: Tue, 02 Dec 2008 00:17:05 +0000
Source: cups
Source-Version: 1.3.9-9

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive:

cups-bsd_1.3.9-9_i386.deb
  to pool/main/c/cups/cups-bsd_1.3.9-9_i386.deb
cups-client_1.3.9-9_i386.deb
  to pool/main/c/cups/cups-client_1.3.9-9_i386.deb
cups-common_1.3.9-9_all.deb
  to pool/main/c/cups/cups-common_1.3.9-9_all.deb
cups-dbg_1.3.9-9_i386.deb
  to pool/main/c/cups/cups-dbg_1.3.9-9_i386.deb
cups_1.3.9-9.diff.gz
  to pool/main/c/cups/cups_1.3.9-9.diff.gz
cups_1.3.9-9.dsc
  to pool/main/c/cups/cups_1.3.9-9.dsc
cups_1.3.9-9_i386.deb
  to pool/main/c/cups/cups_1.3.9-9_i386.deb
cupsys-bsd_1.3.9-9_all.deb
  to pool/main/c/cups/cupsys-bsd_1.3.9-9_all.deb
cupsys-client_1.3.9-9_all.deb
  to pool/main/c/cups/cupsys-client_1.3.9-9_all.deb
cupsys-common_1.3.9-9_all.deb
  to pool/main/c/cups/cupsys-common_1.3.9-9_all.deb
cupsys-dbg_1.3.9-9_all.deb
  to pool/main/c/cups/cupsys-dbg_1.3.9-9_all.deb
cupsys_1.3.9-9_all.deb
  to pool/main/c/cups/cupsys_1.3.9-9_all.deb
libcups2-dev_1.3.9-9_i386.deb
  to pool/main/c/cups/libcups2-dev_1.3.9-9_i386.deb
libcups2_1.3.9-9_i386.deb
  to pool/main/c/cups/libcups2_1.3.9-9_i386.deb
libcupsimage2-dev_1.3.9-9_i386.deb
  to pool/main/c/cups/libcupsimage2-dev_1.3.9-9_i386.deb
libcupsimage2_1.3.9-9_i386.deb
  to pool/main/c/cups/libcupsimage2_1.3.9-9_i386.deb
libcupsys2-dev_1.3.9-9_all.deb
  to pool/main/c/cups/libcupsys2-dev_1.3.9-9_all.deb
libcupsys2_1.3.9-9_all.deb
  to pool/main/c/cups/libcupsys2_1.3.9-9_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 507183@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 01 Dec 2008 15:47:10 -0800
Source: cups
Binary: libcups2 libcupsimage2 cups cups-client libcups2-dev libcupsimage2-dev cups-bsd cups-common cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd cupsys-dbg libcupsys2 libcupsys2-dev
Architecture: source all i386
Version: 1.3.9-9
Distribution: experimental
Urgency: low
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description: 
 cups       - Common UNIX Printing System(tm) - server
 cups-bsd   - Common UNIX Printing System(tm) - BSD commands
 cups-client - Common UNIX Printing System(tm) - client programs (SysV)
 cups-common - Common UNIX Printing System(tm) - common files
 cups-dbg   - Common UNIX Printing System(tm) - debugging symbols
 cupsys     - Common UNIX Printing System (transitional package)
 cupsys-bsd - Common UNIX Printing System (transitional package)
 cupsys-client - Common UNIX Printing System (transitional package)
 cupsys-common - Common UNIX Printing System (transitional package)
 cupsys-dbg - Common UNIX Printing System (transitional package)
 libcups2   - Common UNIX Printing System(tm) - libs
 libcups2-dev - Common UNIX Printing System(tm) - development files
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System (transitional package)
 libcupsys2-dev - Common UNIX Printing System (transitional package)
Closes: 507183
Changes: 
 cups (1.3.9-9) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/local/filters/pdf-filters/pdftopdf/P2PPage.cxx,
     debian/local/filters/pdf-filters/pdftopdf/P2PResources.cxx: Added
     processing of the rotate tag (LP: #300312).
 .
   [ Martin Pitt ]
   * Add png-image-int-overflow.dpatch: Fix integer overflow in the PNG image
     reader (Closes: #507183, STR #2974, CVE-2008-5286)
Checksums-Sha1: 
 9b1f5acaa2d5a19c3465850a5c60214ea77d0f44 1908 cups_1.3.9-9.dsc
 9e2cfa86776b6988f6a5028596edb46eeee4f770 321505 cups_1.3.9-9.diff.gz
 0eeb60e6d9eaae7e4bb95181e471334a6a42411b 1181148 cups-common_1.3.9-9_all.deb
 1c65537df8dc68505040077ff85fe30b0fa57b31 57642 cupsys_1.3.9-9_all.deb
 5f9d9f2d19c30a7f93feda7639c349c1b3327761 57662 cupsys-client_1.3.9-9_all.deb
 2e8562923cb664ab8995926de9b788ad87dd7729 57664 cupsys-common_1.3.9-9_all.deb
 54f41b23bb3806d978cd8f50d11b1f2f85bed423 57660 cupsys-bsd_1.3.9-9_all.deb
 0ccef64e5bd186b96ebe7e23c1826ee1be0dec21 57660 cupsys-dbg_1.3.9-9_all.deb
 a89ffa2b2b296a475a44d8098c7a20d5997e61ef 57662 libcupsys2_1.3.9-9_all.deb
 ecf5ef7c0012d8ce451728233bb4310c1b8500af 57670 libcupsys2-dev_1.3.9-9_all.deb
 f501d10ecd267b269cd5a7e00673726515aee094 170914 libcups2_1.3.9-9_i386.deb
 50e2368215c83ae3cd4f9d913d8b5c75f5b95522 105002 libcupsimage2_1.3.9-9_i386.deb
 6c1e632131e93a69236a22755ebafdff46822dc0 2205616 cups_1.3.9-9_i386.deb
 f71501930af7a9d101086265bc91c9b931efe208 115730 cups-client_1.3.9-9_i386.deb
 6052c04a287801ea480f374f356aa81bc74539e1 401112 libcups2-dev_1.3.9-9_i386.deb
 a59297f8232a352cefc508fcd48b99b1b7745c7f 60578 libcupsimage2-dev_1.3.9-9_i386.deb
 f96ecebf8b865c893094cc0e0322106eb0175889 36538 cups-bsd_1.3.9-9_i386.deb
 e2d19de1270df9358bb286dd1d7167b8842dc467 1511804 cups-dbg_1.3.9-9_i386.deb
Checksums-Sha256: 
 55bfcbf69c41074f26b27a9fa0260d02a18b7fb3efad8247b277d1185c58b09e 1908 cups_1.3.9-9.dsc
 833b0f50b27e9e21191a557855f01e39bc8bfce8d442352bd300669490efebd6 321505 cups_1.3.9-9.diff.gz
 db8f8acf6f15b1f57fe6030e8c15874063736eee6ead1c9f89f61d5eb01e5d48 1181148 cups-common_1.3.9-9_all.deb
 373954e7c1e42f7429dde091476be7f1f7ed4d37afeb2539f61e2333e427cf1f 57642 cupsys_1.3.9-9_all.deb
 c3b69e28bf9902ffd8fc492b7c1a10a19227e98873d8e366b550047a53bbdbb3 57662 cupsys-client_1.3.9-9_all.deb
 2a14553bbd338bb76d68ede14ab47723b895bc7a84db3ac5b2b3818cc404d670 57664 cupsys-common_1.3.9-9_all.deb
 ef34940594a9b41237cc8875c36f9a93f1223805e306b35b113ae2f9b768454a 57660 cupsys-bsd_1.3.9-9_all.deb
 f8dd2fdb6feb54ec301366f3f64df52b95a475cfac4e6e0346b71b8b3c7b9539 57660 cupsys-dbg_1.3.9-9_all.deb
 f6d72cb6480e51de0be349d345ddfb53f7a30714834855732806e2bee8371d4d 57662 libcupsys2_1.3.9-9_all.deb
 4a52985366610c8ba1fe4ba4b6ef25b50ab381a3a58ab1027b9f3bc1a4715167 57670 libcupsys2-dev_1.3.9-9_all.deb
 0203a54f8c0e6fd5adbc7fd726eebcb019aaef70f1d988638df0dd781fe64998 170914 libcups2_1.3.9-9_i386.deb
 8893fc6a35089b001607de59aeef98331653a186ea5bfae95f7e847aa3cecbf0 105002 libcupsimage2_1.3.9-9_i386.deb
 f339c905e23cb7bd52241e731e4d40e5aa32f5d7870b944fabb314f11b1e6376 2205616 cups_1.3.9-9_i386.deb
 d18a2377784daf32e4453f1e5c4fd18d28c8e3ae02713a29a7970674eaeeae5a 115730 cups-client_1.3.9-9_i386.deb
 f9a3eadd15b2427859d9d34191bc0697eae8d7b6d06c02b2f75984550cd081ff 401112 libcups2-dev_1.3.9-9_i386.deb
 88a37dd60d2c95f03d29c84a09a1efac6a227bfc7d066db2325cc7f785f860c5 60578 libcupsimage2-dev_1.3.9-9_i386.deb
 d51ff77c10ab8f45814809a53d811e521bcf0d26ff9adb8a3bc0d7f071bc7916 36538 cups-bsd_1.3.9-9_i386.deb
 a0173c386fd8cf3022f2bb3bff80da58c94f481c724c3e14a934c3645cb33fb7 1511804 cups-dbg_1.3.9-9_i386.deb
Files: 
 5bb11920cd56d6b064400d8dd608238f 1908 net optional cups_1.3.9-9.dsc
 efce4de989667f2ea690b3519b801b16 321505 net optional cups_1.3.9-9.diff.gz
 d7e8a2a1152b571e0761f2bcafd96f70 1181148 net optional cups-common_1.3.9-9_all.deb
 fc130c28e43d5294504aa049865fb5ae 57642 oldlibs extra cupsys_1.3.9-9_all.deb
 784235f19bc60da9a1772d81a8752242 57662 oldlibs extra cupsys-client_1.3.9-9_all.deb
 b3642ba59aec57f024f0961c478552fd 57664 oldlibs extra cupsys-common_1.3.9-9_all.deb
 f7c8fe9fe1b02217f9a197d17416a4c0 57660 oldlibs extra cupsys-bsd_1.3.9-9_all.deb
 94668daf10c29d222593294cf4debb61 57660 oldlibs extra cupsys-dbg_1.3.9-9_all.deb
 875da83e8926470594f624369f51ad53 57662 oldlibs extra libcupsys2_1.3.9-9_all.deb
 422b8b2d1c1441612716364023ccbd49 57670 oldlibs extra libcupsys2-dev_1.3.9-9_all.deb
 7e0b68a51a98a9d44fcaf4cf6803d132 170914 libs optional libcups2_1.3.9-9_i386.deb
 f235473e13f52951cdacfdc795472a62 105002 libs optional libcupsimage2_1.3.9-9_i386.deb
 bc7d07ab101bc43d714c255e52e39e57 2205616 net optional cups_1.3.9-9_i386.deb
 f032ad69bd6a889d7f6e923c5bb91d3b 115730 net optional cups-client_1.3.9-9_i386.deb
 2d68ce11c8dcfe1e129a0eed044f5c04 401112 libdevel optional libcups2-dev_1.3.9-9_i386.deb
 c188d04b1e6837be43e95d017582d261 60578 libdevel optional libcupsimage2-dev_1.3.9-9_i386.deb
 85089cb2c8370c20ba2ab910457e3dbf 36538 net extra cups-bsd_1.3.9-9_i386.deb
 d5cad274f4e8c9cfddbd4cdc2026f72f 1511804 libdevel extra cups-dbg_1.3.9-9_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkk0elEACgkQDecnbV4Fd/I27wCg0rqhRTZcfCiBqlgGOROb1Kbr
T2wAoMJLEsp0Os0O4NH66oSVi9HrzgHT
=kH3a
-----END PGP SIGNATURE-----





Reply sent to Martin Pitt <mpitt@debian.org>:
You have taken responsibility. (Tue, 02 Dec 2008 02:33:11 GMT) Full text and rfc822 format available.

Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Tue, 02 Dec 2008 02:33:12 GMT) Full text and rfc822 format available.

Message #24 received at 507183-close@bugs.debian.org (full text, mbox):

From: Martin Pitt <mpitt@debian.org>
To: 507183-close@bugs.debian.org
Subject: Bug#507183: fixed in cups 1.3.8-1lenny4
Date: Tue, 02 Dec 2008 02:02:04 +0000
Source: cups
Source-Version: 1.3.8-1lenny4

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive:

cups-bsd_1.3.8-1lenny4_i386.deb
  to pool/main/c/cups/cups-bsd_1.3.8-1lenny4_i386.deb
cups-client_1.3.8-1lenny4_i386.deb
  to pool/main/c/cups/cups-client_1.3.8-1lenny4_i386.deb
cups-common_1.3.8-1lenny4_all.deb
  to pool/main/c/cups/cups-common_1.3.8-1lenny4_all.deb
cups-dbg_1.3.8-1lenny4_i386.deb
  to pool/main/c/cups/cups-dbg_1.3.8-1lenny4_i386.deb
cups_1.3.8-1lenny4.diff.gz
  to pool/main/c/cups/cups_1.3.8-1lenny4.diff.gz
cups_1.3.8-1lenny4.dsc
  to pool/main/c/cups/cups_1.3.8-1lenny4.dsc
cups_1.3.8-1lenny4_i386.deb
  to pool/main/c/cups/cups_1.3.8-1lenny4_i386.deb
cupsys-bsd_1.3.8-1lenny4_all.deb
  to pool/main/c/cups/cupsys-bsd_1.3.8-1lenny4_all.deb
cupsys-client_1.3.8-1lenny4_all.deb
  to pool/main/c/cups/cupsys-client_1.3.8-1lenny4_all.deb
cupsys-common_1.3.8-1lenny4_all.deb
  to pool/main/c/cups/cupsys-common_1.3.8-1lenny4_all.deb
cupsys-dbg_1.3.8-1lenny4_all.deb
  to pool/main/c/cups/cupsys-dbg_1.3.8-1lenny4_all.deb
cupsys_1.3.8-1lenny4_all.deb
  to pool/main/c/cups/cupsys_1.3.8-1lenny4_all.deb
libcups2-dev_1.3.8-1lenny4_i386.deb
  to pool/main/c/cups/libcups2-dev_1.3.8-1lenny4_i386.deb
libcups2_1.3.8-1lenny4_i386.deb
  to pool/main/c/cups/libcups2_1.3.8-1lenny4_i386.deb
libcupsimage2-dev_1.3.8-1lenny4_i386.deb
  to pool/main/c/cups/libcupsimage2-dev_1.3.8-1lenny4_i386.deb
libcupsimage2_1.3.8-1lenny4_i386.deb
  to pool/main/c/cups/libcupsimage2_1.3.8-1lenny4_i386.deb
libcupsys2-dev_1.3.8-1lenny4_all.deb
  to pool/main/c/cups/libcupsys2-dev_1.3.8-1lenny4_all.deb
libcupsys2_1.3.8-1lenny4_all.deb
  to pool/main/c/cups/libcupsys2_1.3.8-1lenny4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 507183@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 01 Dec 2008 17:33:18 -0800
Source: cups
Binary: libcups2 libcupsimage2 cups cups-client libcups2-dev libcupsimage2-dev cups-bsd cups-common cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd cupsys-dbg libcupsys2 libcupsys2-dev
Architecture: source all i386
Version: 1.3.8-1lenny4
Distribution: unstable
Urgency: high
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description: 
 cups       - Common UNIX Printing System(tm) - server
 cups-bsd   - Common UNIX Printing System(tm) - BSD commands
 cups-client - Common UNIX Printing System(tm) - client programs (SysV)
 cups-common - Common UNIX Printing System(tm) - common files
 cups-dbg   - Common UNIX Printing System(tm) - debugging symbols
 cupsys     - Common UNIX Printing System (transitional package)
 cupsys-bsd - Common UNIX Printing System (transitional package)
 cupsys-client - Common UNIX Printing System (transitional package)
 cupsys-common - Common UNIX Printing System (transitional package)
 cupsys-dbg - Common UNIX Printing System (transitional package)
 libcups2   - Common UNIX Printing System(tm) - libs
 libcups2-dev - Common UNIX Printing System(tm) - development files
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System (transitional package)
 libcupsys2-dev - Common UNIX Printing System (transitional package)
Closes: 507183
Changes: 
 cups (1.3.8-1lenny4) unstable; urgency=high
 .
   * High urgency due to security bug fix.
   * Add png-image-int-overflow.dpatch: Fix integer overflow in the PNG image
     reader (Closes: #507183, STR #2974, CVE-2008-5286)
Checksums-Sha1: 
 b8dee8a0c156342e69311c3421b50c026d800623 1833 cups_1.3.8-1lenny4.dsc
 4ac6dfd579c7e03e4a333928a2925f6746f6d560 182791 cups_1.3.8-1lenny4.diff.gz
 fe3e44475bebbd5bf2727a1cca6ea9c006d8bf63 1174844 cups-common_1.3.8-1lenny4_all.deb
 5f3609f86918209de2dbf4b4b883443f87a5ce14 51712 cupsys_1.3.8-1lenny4_all.deb
 e4aae02a448ad56cf02b54837f8cac5540419415 51736 cupsys-client_1.3.8-1lenny4_all.deb
 2b8dd2de4dc61746971b23b9f13d3fdd42d03465 51736 cupsys-common_1.3.8-1lenny4_all.deb
 94cebaf00e6553facc5b3d93fe2ccc1cdecc22a4 51730 cupsys-bsd_1.3.8-1lenny4_all.deb
 6a64646409a04343a36e30c4b34fb4706e19fd41 51728 cupsys-dbg_1.3.8-1lenny4_all.deb
 47b1fbdcede7420947c4a441cb6549d802a4879e 51732 libcupsys2_1.3.8-1lenny4_all.deb
 a8419816a40b9c4cb258d6e52dd245fb5369a5e6 51744 libcupsys2-dev_1.3.8-1lenny4_all.deb
 be7fea224e3860c4cba9903937d50fc92fde4fe6 164134 libcups2_1.3.8-1lenny4_i386.deb
 f88b6bc78cf6f36da7d27bdc4d9919b537aaa89b 98840 libcupsimage2_1.3.8-1lenny4_i386.deb
 b971c751e77b24b1b9961271294135c77bc2b5ba 2046998 cups_1.3.8-1lenny4_i386.deb
 2f94a730b206339f375ec60e58bf4130c4627ba9 114872 cups-client_1.3.8-1lenny4_i386.deb
 cc8e5faddeb5be963edbe06ef08b7549962c00f1 393746 libcups2-dev_1.3.8-1lenny4_i386.deb
 0981cbc5af1458ab119d05604ffc454ec9805362 60374 libcupsimage2-dev_1.3.8-1lenny4_i386.deb
 2bda7e77633fa2504b69c323aa1c818ea2761168 36478 cups-bsd_1.3.8-1lenny4_i386.deb
 12acdee13ddcfa8d91b18384f84467c333adfca4 1085132 cups-dbg_1.3.8-1lenny4_i386.deb
Checksums-Sha256: 
 ee37fd7a2106e17e506b90185504f18eb50ebad2bb22a8f0ede64629d9b4dee6 1833 cups_1.3.8-1lenny4.dsc
 99756ee19b22ad00cd7bdef91145ee5c12a9f4254230c82b8bcf7d3c0fb5e6b2 182791 cups_1.3.8-1lenny4.diff.gz
 545809f1b9e37559aaae5467bbfec1a66cf007beb018b200b2460cf7384b123a 1174844 cups-common_1.3.8-1lenny4_all.deb
 c81d2bc09a0ffffc82d4c47628ac3e47de945617cbc17c76888a9ec94c15b8b9 51712 cupsys_1.3.8-1lenny4_all.deb
 2cf2083d7ad9586a5a9692a31aa00b842ae81719fef9cbc7a69c47d13f4fbbdb 51736 cupsys-client_1.3.8-1lenny4_all.deb
 7856a5ec98b1d4e42fd7347061aa284b07734bf9e982276b97912490b7a894be 51736 cupsys-common_1.3.8-1lenny4_all.deb
 cd3d6bfe778c5e4c58ce8555ff6652d4bd33194af9d271c09254df9a08a2c9fa 51730 cupsys-bsd_1.3.8-1lenny4_all.deb
 b13b2a43491f33e9fc763aa7d4c0293a35cf904fc9f71e493e845804a5068714 51728 cupsys-dbg_1.3.8-1lenny4_all.deb
 ff4ed9e2738a8a3dca6fc9b2ed4e85ee91dba19454d8b06e0ee84631754d78cf 51732 libcupsys2_1.3.8-1lenny4_all.deb
 bcb6d7a3ff0455a8598df63113a318f7845bcfd4cab8d4a3a3497f43c7ed787d 51744 libcupsys2-dev_1.3.8-1lenny4_all.deb
 1982ebf6f89acdebc5674a943f8623bed7aad1d052ced56f7fc49d6202685a89 164134 libcups2_1.3.8-1lenny4_i386.deb
 5474389effd3bc1ea8fa739437148d12fe1f34a504a63fdffee0e89d8fe497f6 98840 libcupsimage2_1.3.8-1lenny4_i386.deb
 9882f6e6166795b01a00e6e16897fb8576aac9cf5eaf1a391ac823d12effa235 2046998 cups_1.3.8-1lenny4_i386.deb
 8d4e3199753909077d5d6d2206c92c979b6a08975cbc4844001b0f52b454d7a0 114872 cups-client_1.3.8-1lenny4_i386.deb
 e31352b0b5ab5292b130bdb7e95dd926d3054165418cca48e034c97831e0b6a0 393746 libcups2-dev_1.3.8-1lenny4_i386.deb
 af5e5a888301a8b519b9674a9b494303727e91c1869ecec6f9c9de858d29fa49 60374 libcupsimage2-dev_1.3.8-1lenny4_i386.deb
 c3d59e4707e91504887b87a2ffb4f5cc7535081b3574b545431012f083d3f66e 36478 cups-bsd_1.3.8-1lenny4_i386.deb
 b2321ce54ca6a8405d10f4e02692303ff8d8a797bcd480e5490404b9f8c35bc3 1085132 cups-dbg_1.3.8-1lenny4_i386.deb
Files: 
 23c9531d0b759ccce0501be006e4d423 1833 net optional cups_1.3.8-1lenny4.dsc
 83fc53f65f54638c77a93516708e26e6 182791 net optional cups_1.3.8-1lenny4.diff.gz
 d4c95b74d05c479e63d675f3796f0581 1174844 net optional cups-common_1.3.8-1lenny4_all.deb
 c18b68ff56dd95fe9275d7004928c8fc 51712 oldlibs extra cupsys_1.3.8-1lenny4_all.deb
 a9bfc989cee5426b1c65fbb70078f7ce 51736 oldlibs extra cupsys-client_1.3.8-1lenny4_all.deb
 ccce8e48eb5040a0194d246607be85d7 51736 oldlibs extra cupsys-common_1.3.8-1lenny4_all.deb
 53c4153a5c4b4174dbe811c48d025b9b 51730 oldlibs extra cupsys-bsd_1.3.8-1lenny4_all.deb
 0e7b5d8769819ce27d204b4868d22add 51728 oldlibs extra cupsys-dbg_1.3.8-1lenny4_all.deb
 3585607e87d56afe20cd61912f93acbf 51732 oldlibs extra libcupsys2_1.3.8-1lenny4_all.deb
 9ac38d77f6af4fa9f5bb48a9947b7dd5 51744 oldlibs extra libcupsys2-dev_1.3.8-1lenny4_all.deb
 282513036466e11079b56ca2b576f59f 164134 libs optional libcups2_1.3.8-1lenny4_i386.deb
 6a0789b7b3ba1ec3196cfb17016ed1dd 98840 libs optional libcupsimage2_1.3.8-1lenny4_i386.deb
 305038d5f8d1355f00e9b8b351d8dff3 2046998 net optional cups_1.3.8-1lenny4_i386.deb
 bf9bd76781de078f407fb6cbdd61f16b 114872 net optional cups-client_1.3.8-1lenny4_i386.deb
 f2b5e0a2e56eade2dd945610df002bb5 393746 libdevel optional libcups2-dev_1.3.8-1lenny4_i386.deb
 1ebadd83ae7e7955e1a9e74d3460d0d5 60374 libdevel optional libcupsimage2-dev_1.3.8-1lenny4_i386.deb
 13d9a59014857c92a03a3d7087bae0ca 36478 net extra cups-bsd_1.3.8-1lenny4_i386.deb
 32ced52002eb3019d49ad75bca31869a 1085132 libdevel extra cups-dbg_1.3.8-1lenny4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkk0kmQACgkQDecnbV4Fd/L7PwCgwdN0tkqJhxkWilQoHSsQ2iJF
VZoAoLqzCnWM66Kiz5Ddq9jLwgaVui0P
=WnyL
-----END PGP SIGNATURE-----





Reply sent to Steffen Joeris <white@debian.org>:
You have taken responsibility. (Thu, 04 Dec 2008 20:03:14 GMT) Full text and rfc822 format available.

Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Thu, 04 Dec 2008 20:03:14 GMT) Full text and rfc822 format available.

Message #29 received at 507183-close@bugs.debian.org (full text, mbox):

From: Steffen Joeris <white@debian.org>
To: 507183-close@bugs.debian.org
Subject: Bug#507183: fixed in cupsys 1.2.7-4etch6
Date: Thu, 04 Dec 2008 19:52:58 +0000
Source: cupsys
Source-Version: 1.2.7-4etch6

We believe that the bug you reported is fixed in the latest version of
cupsys, which is due to be installed in the Debian FTP archive:

cupsys-bsd_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_i386.deb
cupsys-client_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/cupsys-client_1.2.7-4etch6_i386.deb
cupsys-common_1.2.7-4etch6_all.deb
  to pool/main/c/cupsys/cupsys-common_1.2.7-4etch6_all.deb
cupsys-dbg_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_i386.deb
cupsys_1.2.7-4etch6.diff.gz
  to pool/main/c/cupsys/cupsys_1.2.7-4etch6.diff.gz
cupsys_1.2.7-4etch6.dsc
  to pool/main/c/cupsys/cupsys_1.2.7-4etch6.dsc
cupsys_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/cupsys_1.2.7-4etch6_i386.deb
libcupsimage2-dev_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_i386.deb
libcupsimage2_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/libcupsimage2_1.2.7-4etch6_i386.deb
libcupsys2-dev_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_i386.deb
libcupsys2-gnutls10_1.2.7-4etch6_all.deb
  to pool/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch6_all.deb
libcupsys2_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/libcupsys2_1.2.7-4etch6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 507183@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <white@debian.org> (supplier of updated cupsys package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 30 Nov 2008 10:08:59 +0000
Source: cupsys
Binary: libcupsys2-dev cupsys libcupsys2 libcupsimage2 cupsys-common cupsys-client cupsys-dbg cupsys-bsd libcupsys2-gnutls10 libcupsimage2-dev
Architecture: source i386 all
Version: 1.2.7-4etch6
Distribution: stable-security
Urgency: high
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Steffen Joeris <white@debian.org>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 cupsys-common - Common UNIX Printing System(tm) - common files
 cupsys-dbg - Common UNIX Printing System(tm) - debugging symbols
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
 libcupsys2-gnutls10 - Common UNIX Printing System(tm) - dummy libs for transition
Closes: 507183
Changes: 
 cupsys (1.2.7-4etch6) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix potential integer overflow in image validation code
     (STR #2974, Closes: #507183)
Files: 
 a7198b7e0d7724a972d4027e805b1387 1092 net optional cupsys_1.2.7-4etch6.dsc
 1321ea49cfa8c06d619759acb00b0b2e 108940 net optional cupsys_1.2.7-4etch6.diff.gz
 9e98540d35e8a7aef76a1042cc4befe4 46256 libs optional libcupsys2-gnutls10_1.2.7-4etch6_all.deb
 4abe699f9d2a8f866b1e323934c6172a 917900 net optional cupsys-common_1.2.7-4etch6_all.deb
 41344ee4c268c095b89c8decc0e2df68 161274 libs optional libcupsys2_1.2.7-4etch6_i386.deb
 86517be38ba93afd954091ad5643c65b 87310 libs optional libcupsimage2_1.2.7-4etch6_i386.deb
 c0cefa71d7f58abd666c2c1459d3ede9 1556170 net optional cupsys_1.2.7-4etch6_i386.deb
 77c4aef7c78be537c09bc689ad1f5139 79702 net optional cupsys-client_1.2.7-4etch6_i386.deb
 51b8758e0338e1ec6ec9d74ea5f960ef 137796 libdevel optional libcupsys2-dev_1.2.7-4etch6_i386.deb
 4fccf1dfd78b230033407a914760d3f5 53240 libdevel optional libcupsimage2-dev_1.2.7-4etch6_i386.deb
 e464d81d46968426796a8182e6418691 36250 net extra cupsys-bsd_1.2.7-4etch6_i386.deb
 ec73926b9d49c2790c6381a927ad20a2 997624 libdevel extra cupsys-dbg_1.2.7-4etch6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkycjwACgkQ62zWxYk/rQcPJwCfRWfdwIb+oECLuUNMqPr/rnz6
DAYAoLWsa2/BSwNLUcK94yD5g3k+Y8Hu
=bewn
-----END PGP SIGNATURE-----





Reply sent to Steffen Joeris <white@debian.org>:
You have taken responsibility. (Wed, 17 Dec 2008 21:36:18 GMT) Full text and rfc822 format available.

Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Wed, 17 Dec 2008 21:36:18 GMT) Full text and rfc822 format available.

Message #34 received at 507183-close@bugs.debian.org (full text, mbox):

From: Steffen Joeris <white@debian.org>
To: 507183-close@bugs.debian.org
Subject: Bug#507183: fixed in cupsys 1.2.7-4etch6
Date: Wed, 17 Dec 2008 21:02:52 +0000
Source: cupsys
Source-Version: 1.2.7-4etch6

We believe that the bug you reported is fixed in the latest version of
cupsys, which is due to be installed in the Debian FTP archive:

cupsys-bsd_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_i386.deb
cupsys-client_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/cupsys-client_1.2.7-4etch6_i386.deb
cupsys-common_1.2.7-4etch6_all.deb
  to pool/main/c/cupsys/cupsys-common_1.2.7-4etch6_all.deb
cupsys-dbg_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_i386.deb
cupsys_1.2.7-4etch6.diff.gz
  to pool/main/c/cupsys/cupsys_1.2.7-4etch6.diff.gz
cupsys_1.2.7-4etch6.dsc
  to pool/main/c/cupsys/cupsys_1.2.7-4etch6.dsc
cupsys_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/cupsys_1.2.7-4etch6_i386.deb
libcupsimage2-dev_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_i386.deb
libcupsimage2_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/libcupsimage2_1.2.7-4etch6_i386.deb
libcupsys2-dev_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_i386.deb
libcupsys2-gnutls10_1.2.7-4etch6_all.deb
  to pool/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch6_all.deb
libcupsys2_1.2.7-4etch6_i386.deb
  to pool/main/c/cupsys/libcupsys2_1.2.7-4etch6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 507183@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <white@debian.org> (supplier of updated cupsys package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 30 Nov 2008 10:08:59 +0000
Source: cupsys
Binary: libcupsys2-dev cupsys libcupsys2 libcupsimage2 cupsys-common cupsys-client cupsys-dbg cupsys-bsd libcupsys2-gnutls10 libcupsimage2-dev
Architecture: source i386 all
Version: 1.2.7-4etch6
Distribution: stable-security
Urgency: high
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Steffen Joeris <white@debian.org>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 cupsys-common - Common UNIX Printing System(tm) - common files
 cupsys-dbg - Common UNIX Printing System(tm) - debugging symbols
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
 libcupsys2-gnutls10 - Common UNIX Printing System(tm) - dummy libs for transition
Closes: 507183
Changes: 
 cupsys (1.2.7-4etch6) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix potential integer overflow in image validation code
     (STR #2974, Closes: #507183)
Files: 
 a7198b7e0d7724a972d4027e805b1387 1092 net optional cupsys_1.2.7-4etch6.dsc
 1321ea49cfa8c06d619759acb00b0b2e 108940 net optional cupsys_1.2.7-4etch6.diff.gz
 9e98540d35e8a7aef76a1042cc4befe4 46256 libs optional libcupsys2-gnutls10_1.2.7-4etch6_all.deb
 4abe699f9d2a8f866b1e323934c6172a 917900 net optional cupsys-common_1.2.7-4etch6_all.deb
 41344ee4c268c095b89c8decc0e2df68 161274 libs optional libcupsys2_1.2.7-4etch6_i386.deb
 86517be38ba93afd954091ad5643c65b 87310 libs optional libcupsimage2_1.2.7-4etch6_i386.deb
 c0cefa71d7f58abd666c2c1459d3ede9 1556170 net optional cupsys_1.2.7-4etch6_i386.deb
 77c4aef7c78be537c09bc689ad1f5139 79702 net optional cupsys-client_1.2.7-4etch6_i386.deb
 51b8758e0338e1ec6ec9d74ea5f960ef 137796 libdevel optional libcupsys2-dev_1.2.7-4etch6_i386.deb
 4fccf1dfd78b230033407a914760d3f5 53240 libdevel optional libcupsimage2-dev_1.2.7-4etch6_i386.deb
 e464d81d46968426796a8182e6418691 36250 net extra cupsys-bsd_1.2.7-4etch6_i386.deb
 ec73926b9d49c2790c6381a927ad20a2 997624 libdevel extra cupsys-dbg_1.2.7-4etch6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkycjwACgkQ62zWxYk/rQcPJwCfRWfdwIb+oECLuUNMqPr/rnz6
DAYAoLWsa2/BSwNLUcK94yD5g3k+Y8Hu
=bewn
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 15 Jan 2009 07:31:53 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 22:02:51 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.