~ubuntu-core-dev/cups/lucid

Viewing all changes in revision 861.

  • Committer: Martin Pitt
  • Date: 2010-08-16 09:27:33 UTC
  • Revision ID: mpitt@debian.org-20100816092733-d3s3n9ut7ztbc4qr
* SECURITY UPDATE: cross-site request forgery in admin interface
  - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
    to cgi-bin/cgi.h, cgi-bin/libcupscgi.exp, cgi-bin/template.c,
    cgi-bin/var.c, templates/*.tmpl.
  - CVE-2010-0540
* SECURITY UPDATE: denial of service or arbitrary code execution in
  texttops image filter
  - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
    filter/texttops.c.
  - CVE-2010-0542
* SECURITY UPDATE: web interface memory disclosure
  - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
  - CVE-2010-1748
* SECURITY UPDATE: file overwrite vulnerability
  - debian/patches/security-str3510.dpatch: introduce cups_open() in
    cups/file.c and use to make sure hard-linked or symlinked files don't
    get overwritten as root.
  - No CVE number
* debian/libcupscgi1.symbols: Add new symbols

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: