[Pkg-hpijs-devel] Bug#635549: Stable update of hplip for	CVE-2011-2722 (#635549) ?
    Didier Raboud 
    odyx at debian.org
       
    Fri Nov 25 13:58:55 UTC 2011
    
    
  
Dear Release Team,
after taking a closer look to #635549 and an IRC chat with the Security 
people, I propose to upload hplip to stable with the following changelog 
entry: 
    hplip (3.10.6-2+squeeze0) stable; urgency=low
    
      * Fix CVE-2011-2722 "Insecure tempfile handling" by patching the culprit
        code out. (Closes: #635549)
    
     -- Didier Raboud <odyx at debian.org>  Fri, 25 Nov 2011 14:53:50 +0100
Debdiff and dpatch are attached; please comment.
Cheers,
-- 
OdyX
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hplip_3.10.6-2+squeeze0.debdiff
Type: text/x-patch
Size: 2377 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-hpijs-devel/attachments/20111125/75fa960b/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2011-2722.dpatch
Type: application/x-shellscript
Size: 1481 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-hpijs-devel/attachments/20111125/75fa960b/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-hpijs-devel/attachments/20111125/75fa960b/attachment.pgp>
    
    
More information about the Pkg-hpijs-devel
mailing list