[Pkg-hpijs-devel] Bug#731480: hplip: CVE-2013-6427: insecure (undocumented) auto update feature
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Dec 12 20:17:23 UTC 2013
Package: hplip
Version: 3.13.11-1
Followup-For: Bug #731480
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu trusty ubuntu-patch
-- Package-specific info:
*** /tmp/tmp2P2w3P/bug_body
In Ubuntu, the attached patch was applied to achieve the following:
* debian/non-shipped-files.txt, debian/hplip.install: don't ship
hp-upgrade and upgrade.py, as we want to use proper packaging, and want
to prevent security issues.
- CVE-2013-6427
Thanks for considering the patch.
-- System Information:
Debian Release: wheezy/sid
APT prefers saucy-updates
APT policy: (500, 'saucy-updates'), (500, 'saucy-security'), (500, 'saucy-proposed'), (500, 'saucy'), (100, 'saucy-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.11.0-15-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hplip_3.13.11-1ubuntu1.debdiff
Type: text/x-diff
Size: 1142 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-hpijs-devel/attachments/20131212/13f8237c/attachment.diff>
More information about the Pkg-hpijs-devel
mailing list