On Mon, Jun 10, 2013 at 1:15 PM, Vincent Lefevre <vinc...@vinc17.net> wrote: > I reported a bug involving private data disclosure, more precisely, > on some network, when printing a file with CUPS 1.6, the file is > printed on a wrong printer[*]. The bug severity was downgraded to > important (i.e. non-RC), despite the obvious security problem. The > given reason was that this kind of security problem is not mentioned > on: > > http://www.debian.org/Bugs/Developer.en.html#severities > > If Debian really minds about some forms of security bugs such as > private data disclosure, something should be done... Perhaps replace > > allowing access to the accounts of users who use the package > > by > > allowing access to private data of users who use the package > > (BTW, logging passwords in general log files would fall in the same > class of security bugs.) > > [*] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711848 > > -- > Vincent Lefèvre <vinc...@vinc17.net> - Web: <http://www.vinc17.net/> > 100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/> > Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) >
Hi, hplip is affected by the same kind of bug see #653062. I am a teacher and instead of printing on the correct printer it print the subject of my test on the student network printer*.... Bastien * i have the same short name of the printer of the student and staff network only the FQDN change... > -- > To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/20130610111552.ga17...@ypig.lip.ens-lyon.fr > -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cae2spazxbu6dikxykp0r0igc5rpgjfftv+dyvswmzzlmluv...@mail.gmail.com
