Your message dated Fri, 13 Jul 2018 08:50:23 +0000
with message-id <e1fdtmr-00037v...@fasolo.debian.org>
and subject line Bug#903605: fixed in cups 2.2.8-5
has caused the Debian Bug report #903605,
regarding cups: CVE-2018-6553
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
903605: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903605
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cups
Version: 2.2.1-8
Severity: serious
Tags: patch security
Control: fixed -1 2.2.1-8+deb9u2
Hi,
I'm filing this with severity serious, as it indicates a regression
from stable, given the issue was fixed already via DSA-4243-1 in
2.2.1-8+deb9u2.
CVE-2018-6553[0]:
AppArmor profile issue in cups
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-6553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6553
[1] https://usn.ubuntu.com/usn/usn-3713-1
[2] https://lists.debian.org/debian-security-announce/2018/msg00172.html
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cups
Source-Version: 2.2.8-5
We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 903...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Didier Raboud <o...@debian.org> (supplier of updated cups package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 12 Jul 2018 18:48:48 +0200
Source: cups
Binary: libcups2 libcupsimage2 libcupscgi1 libcupsmime1 libcupsppdc1 cups
cups-core-drivers cups-daemon cups-client cups-ipp-utils libcups2-dev
libcupsimage2-dev cups-bsd cups-common cups-server-common cups-ppdc
Architecture: source
Version: 2.2.8-5
Distribution: unstable
Urgency: high
Maintainer: Debian Printing Team <debian-print...@lists.debian.org>
Changed-By: Didier Raboud <o...@debian.org>
Description:
cups - Common UNIX Printing System(tm) - PPD/driver support, web interfa
cups-bsd - Common UNIX Printing System(tm) - BSD commands
cups-client - Common UNIX Printing System(tm) - client programs (SysV)
cups-common - Common UNIX Printing System(tm) - common files
cups-core-drivers - Common UNIX Printing System(tm) - driverless printing
cups-daemon - Common UNIX Printing System(tm) - daemon
cups-ipp-utils - Common UNIX Printing System(tm) - IPP developer/admin utilities
cups-ppdc - Common UNIX Printing System(tm) - PPD manipulation utilities
cups-server-common - Common UNIX Printing System(tm) - server common files
libcups2 - Common UNIX Printing System(tm) - Core library
libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library
libcupscgi1 - Common UNIX Printing System(tm) - CGI library
libcupsimage2 - Common UNIX Printing System(tm) - Raster image library
libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li
libcupsmime1 - Common UNIX Printing System(tm) - MIME library
libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library
Closes: 903605
Changes:
cups (2.2.8-5) unstable; urgency=high
.
* CVE-2018-6553: Fix AppArmor cupsd sandbox bypass due to use of hard links
  (Closes: #903605)
* All these were fixed in 2.2.8:
  - CVE-2018-4180 Local Privilege Escalation to Root in dnssd Backend
    (CUPS_SERVERBIN)
  - CVE-2018-4181 Limited Local File Reads as Root via cupsd.conf Include
    Directive
  - CVE-2018-4182 cups-exec Sandbox Bypass Due to Insecure Error Handling
  - CVE-2018-4183 cups-exec Sandbox Bypass Due to Profile Misconfiguration
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---