Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted cups 2.3.3op2-3+deb11u9 (source) into oldstable-security
Date: Sun, 29 Sep 2024 17:50:22 +0000
Signed by: Thorsten Alteholz <alteholz@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 26 Sep 2024 23:45:05 +0200
Source: cups
Architecture: source
Version: 2.3.3op2-3+deb11u9
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Changes:
 cups (2.3.3op2-3+deb11u9) bullseye-security; urgency=medium
 .
   * CVE-2024-47175
     Fix CVE and upstream also added some extra hardening to patch
     - validate URIs, attribute names, and capabilities
       in cups/ppd-cache.c, scheduler/ipp.c
     - sanitize make and model in cups/ppd-cache.c
     - PPDize preset and template names in cups/ppd-cache.c
     - quote PPD localized strings in  cups/ppd-cache.c
     - fix warnings in cups/ppd-cache.c
Checksums-Sha1:
 e2348d676d0ef2b4707030331ea52c54ab2e4f70 3412 cups_2.3.3op2-3+deb11u9.dsc
 4718df2bb5537e800a50d19a033e25e8a76f085a 353784 cups_2.3.3op2-3+deb11u9.debian.tar.xz
 0878c53e1c530f4d1d244da0c6f3a3605d8c7079 14386 cups_2.3.3op2-3+deb11u9_amd64.buildinfo
Checksums-Sha256:
 09a8f0ccbb4892a8d0b06d7c92b8f94461e4c8cad8edbd86f30924c082dacd97 3412 cups_2.3.3op2-3+deb11u9.dsc
 98653afef9f252a8c7eea1764f4d29f789866d1aedc14abefc155b544b4fce00 353784 cups_2.3.3op2-3+deb11u9.debian.tar.xz
 11d7e19605b61a33426d447f4f9ce4f4d29bf669e8e883e8587e91491f41cd2c 14386 cups_2.3.3op2-3+deb11u9_amd64.buildinfo
Files:
 08da62ab30738baac99598c1cae8acdd 3412 net optional cups_2.3.3op2-3+deb11u9.dsc
 65150d745f11f504273497355aec81f4 353784 net optional cups_2.3.3op2-3+deb11u9.debian.tar.xz
 44d8a1e8030fedd1ea08fb50adbd7b2f 14386 net optional cups_2.3.3op2-3+deb11u9_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmb5i3lfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR4hXD/9pVIONi0IcLxkRAv6JYu8oAUlgRTHc
rYus6fixL0ipg2SUCafQ0Fi3iNKpZmfS1c21wm+mKhTC84WJz9jFJ80bzNzcv8h1
Jj4KkraLbTR0YWZF32blyI9in6gAX/C5uPJi1gdFoiyRpAXJ9lgoGwbFvP9fJ8rH
aiL96Qxgv9l4KK3U/+OIOni/figEAulB5M1iBlQyUSRsqV8eRr4/6TIpusDy8A0U
cGBgn8u4CJ6NoPM7tNnMN7QDa1Xbg/x0b9vrd3H3xuhJHjVcPo7/hloze7+1CilV
9XArIl0HPBGgtN0m8wb9CjT/UAphUyyxPKpci510jngqGg6IC3ygaQ+yBTg3xgr3
RPdrvKjBSmAieI//TisVmwSkqRUPs8Rt5r/Uef1rCd9isr9wcCcdXOghxThwCJCZ
kyoh8j+NxArn4ODecMUx6NQA574z8Rp7KcvdOOAOt/esvJGaR+hA78BmhL3ban2R
iMlTEUGnwJ55ObOgipkh24zMkbAZYqmxk+/MuwiYBv//Y45KMp6RmMKJPaQbJA+f
MA9wywz3EcSIsJ86zr4593Fon4brgnCvppQK9rnTE0xpfuz++NqgxlMQWqB5tNWP
1PAMlJu0vf+ZdFURDwbi8CAoQSapMH1FRHeGhSmjVhC8XQFkg3ga29jDfnomcbJI
SPbZ8w5XspyBvg==
=VJEd
-----END PGP SIGNATURE-----

News for package cups