[Pkg-cups-devel] cupsys: CVE-2008-{0047,0882}
Martin Pitt
mpitt at debian.org
Mon Mar 24 11:22:48 UTC 2008
Hi Noah,

Noah Meyerhans [2008-03-23 1:33 -0400]:
> On Sat, Mar 22, 2008 at 01:28:00PM +0100, Martin Pitt wrote:
> > I prepared an updated etch-security package for two recent CUPS
> > vulnerabilities:
>
> Thank you, Martin. I don't suppose you've given any thought to whether
> or not oldstable is affected by these, have you? We still support it
> for the next couple of weeks...

In fact I didn't, I thought stable was out of date already (what
happened to the good old rule of EOLing it a year after releasing the
next stable?). When will it go EOL?

I'd just ignore the remote DoS (CVE-2008-0882) for Sarge TBH. If you
expose your printers to a large network of untrusted computers, you
will have larger problems and other methods of DoSing it, so killing
cupsd remotely is a minor issue here IMHO.

I just checked the Sarge version for CVE-2008-0047. The code is not
present in 1.1.23, thus Sarge is not affected by this.

HTH,

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)