Source: cups-filters
Version: 1.28.17-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for cups-filters.

CVE-2024-47177[0]:
| CUPS is a standards-based, open-source printing system, and cups-
| filters provides backends, filters, and other software for CUPS 2.x
| to use on non-Mac OS systems. Any value passed to
| `FoomaticRIPCommandLine` via a PPD file will be executed as a user
| controlled command. When combined with other logic bugs as described
| in CVE_2024-47176, this can lead to remote command execution.

No fix from upstream yet on this one.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-47177
    https://www.cve.org/CVERecord?id=CVE-2024-47177
[1] https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
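
An added example, not part of the original report and not cups-filters code: a triage script that extracts every `FoomaticRIPCommandLine` value from PPD text and flags entries that start a program outside an allowlist or use command substitution, so an administrator can review installed PPDs. The sample PPD fragments, the `ALLOWED` set and all function names are assumptions made for illustration.

```python
import re
from pathlib import Path

# Constructed PPD fragments for illustration (not from a real printer or the advisory).
SAMPLE_OK = '''*PPD-Adobe: "4.3"
*FoomaticRIPCommandLine: "gs -q -dBATCH -dNOPAUSE -sDEVICE=pxlmono&&
 -sOutputFile=- -"
*End
'''
SAMPLE_ODD = '*FoomaticRIPCommandLine: "gs -q - | /usr/local/bin/unknown-helper --x"\n*End\n'

# Assumption: site-specific allowlist of programs a print filter may start.
ALLOWED = {"gs"}

DIRECTIVE = re.compile(r'^\*(FoomaticRIPCommandLine\w*)\s*:\s*"(.*?)"', re.M | re.S)

def find_command_lines(ppd_text):
    """Return [(keyword, command)] for every FoomaticRIPCommandLine* entry."""
    found = []
    for m in DIRECTIVE.finditer(ppd_text):
        value = re.sub(r'&&\r?\n', '', m.group(2))  # foomatic wraps long values with '&&'
        found.append((m.group(1), ' '.join(value.split())))
    return found

def programs(command):
    """Basename of the program that starts each shell segment."""
    segments = re.split(r'\|\||&&|[;|&\n]', command)
    return [Path(s.split()[0]).name for s in segments if s.split()]

def audit(ppd_text, allowed=ALLOWED):
    """Return [(keyword, command, reasons)] for entries needing manual review."""
    flagged = []
    for keyword, command in find_command_lines(ppd_text):
        reasons = [f"program not allowlisted: {p}" for p in programs(command) if p not in allowed]
        if '$(' in command or '`' in command:
            reasons.append("command substitution")
        if reasons:
            flagged.append((keyword, command, reasons))
    return flagged

def audit_dir(directory):
    """Audit every *.ppd file in directory; returns {path: flagged entries}."""
    results = {}
    for path in sorted(Path(directory).glob('*.ppd')):
        flagged = audit(path.read_text(errors='replace'))
        if flagged:
            results[str(path)] = flagged
    return results

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("odd", SAMPLE_ODD)):
        print(name, audit(text))
```

The check is a review heuristic, not a fix: an empty result means only that no entry matched these rules. `audit_dir` can be pointed at the directory where the local CUPS installation keeps queue PPDs.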