[Pkg-cups-devel] Bug#692791: members of lpadmin can read every file on server via cups
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Nov 27 21:10:11 UTC 2012
On 12-11-27 03:51 PM, Didier 'OdyX' Raboud wrote:
> Le mardi, 27 novembre 2012 15.30:46, Marc Deslauriers a écrit :
>> FYI, as a security fix for our stable releases in Ubuntu, we plan on
>> disabling cupsd.conf modification in the web interface entirely.
>> Attached is the patch we plan on using.
>
> Hi Marc,
>
> while testing your patch I noticed it was not masking the "Edit Configuration
> File" input button in all locales (found in templates/*/admin.tmpl in 1.5.3).
>
> Updated patch is attached.
>
Ah! thanks for that, I completely overlooked the localized template files.
Marc.
More information about the Pkg-cups-devel
mailing list