-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2010-06-18 10:26:08 UTC
-
mfrom:
(17.1.4 jaunty-proposed)
-
Revision ID:
james.westby@ubuntu.com-20100618102608-j17xuht8e5n7h9lj
Tags: 1.3.9-17ubuntu3.9
* SECURITY UPDATE: cross-site request forgery in admin interface
- debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c,
cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c,
templates/*.tmpl.
- CVE-2010-0540
* SECURITY UPDATE: denial of service or arbitrary code execution in
texttops image filter
- debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
filter/texttops.c.
- CVE-2010-0542
* SECURITY UPDATE: web interface memory disclosure
- debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
- CVE-2010-1748
* SECURITY UPDATE: file overwrite vulnerability
- debian/patches/security-str3510.dpatch: introduce cups_open() in
cups/file.c and use to make sure hard-linked or symlinked files don't
get overwritten as root.
- No CVE number