[Pkg-cups-devel] Bug#506180: Bug#506180: CUPS: daemon crashes when adding more than 100 rss subscriptions
Martin Pitt
mpitt at debian.org
Fri Jan 2 15:46:13 UTC 2009
Hi Nico,
happy new year!
Nico Golde [2008-12-21 13:21 +0100]:
> what is the status of this issue regarding lenny?
The "unauthenticated RSS subscription crash" (CVE-2008-5184, STR
#2774) is fixed in 1.3.8, thus in lenny and unstable; it does not
affect etch at all.
The "crash on more than 100 subscriptions" (CVE-2008-5183) is not
fixed anywhere (not even upstream svn trunk). However, it is just an
authenticated local DoS (NULL pointer deref), and as such I claim that
it is not urgent at all, if it can even be called a vulnerability in
the first place.
http://lab.gnucitizen.org/projects/cups-0day has some details on this.
Thanks,
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-cups-devel/attachments/20090102/c458b327/attachment.pgp
More information about the Pkg-cups-devel
mailing list