Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2008-11-18 13:39:37 UTC
Revision ID: james.westby@ubuntu.com-20081118133937-hdzwtyh4z91yozp0
Tags: 2.7.7.dfsg.1-0ubuntu5.1

  * SECURITY UPDATE: privilege escalation using the hplip alert-mailing
    functionality.
    - debian/patches/91_SECURITY_CVE-2008-2940.dpatch: fix handle_event()
      in hpssd.py to validate device-uri parameter and disable
      handle_setalerts(). This fix alters hplip behaviour by preventing
      users from setting alerts and by moving alert configuration to a
      root-controlled /etc/hp/alerts.conf file.
    - CVE-2008-2940
  * SECURITY UPDATE: denial of service in hpssd message parser.
    - debian/patches/92_SECURITY_CVE-2008-2941.dpatch: fix handle_event()
      in hpssd.py to correctly validate parameters.
    - CVE-2008-2941