[Pkg-cups-devel] Bug#692791: members of lpadmin can read every file on server via cups
Didier 'OdyX' Raboud
odyx at debian.org
Tue Nov 27 20:51:31 UTC 2012
Le mardi, 27 novembre 2012 15.30:46, Marc Deslauriers a écrit :
> FYI, as a security fix for our stable releases in Ubuntu, we plan on
> disabling cupsd.conf modification in the web interface entirely.
> Attached is the patch we plan on using.
Hi Marc,
while testing your patch I noticed it was not masking the "Edit Configuration
File" input button in all locales (found in templates/*/admin.tmpl in 1.5.3).
Updated patch is attached.
Cheers,
OdyX
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2012-5519.patch
Type: text/x-patch
Size: 9523 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-cups-devel/attachments/20121127/a15082ad/attachment.bin>
More information about the Pkg-cups-devel
mailing list