Source: cups-filters
Version: 1.28.17-5
Severity: normal
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi Thorsten,

The following vulnerability was published for cups-filters.

No direct action needed, it's more to get a cross reference in BTS about the issue, it can be closed once the problematic code is going to be removed (AFAIU). The mitigations as already handled should be enough so far.

CVE-2024-47850[0]:
| CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an
| arbitrary destination and port in response to a single IPP UDP
| packet requesting a printer to be added, a different vulnerability
| than CVE-2024-47176. (The request is meant to probe the new printer
| but can be used to create DDoS amplification attacks.)

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-47850
    https://www.cve.org/CVERecord?id=CVE-2024-47850
[1] https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq86-c7g6-r2h8

Regards,
Salvatore