[Secure-testing-team] Bug#743470: cups-filters: CVE-2014-2707: remote command injection in cups-browsed
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 3 04:43:18 UTC 2014
Source: cups-filters
Version: 1.0.50-1
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Hi
See [1] and [2]:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1083326
[2] http://seclists.org/oss-sec/2014/q2/3
AFAICS this was introduced in 1.0.41 and wheezy is not affected by the
issue.
Ubuntu has already fixed it with the 1.0.51-0ubuntu1 upload.
Regards and thanks for your work,
Salvatore
More information about the Secure-testing-team
mailing list