Bug 15562

Summary: cups new security issue CVE-2014-8166
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Shlomi Fish <shlomif>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard: MGA5TOO, MGA4TOO
Source RPM: cups-2.0.2-2.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-03-24 15:18:49 CET 
A security issue in CUPS has been announced:
http://openwall.com/lists/oss-security/2015/03/24/2

A patch for the issue in RedHat's Bugzilla is linked in the message above.

I don't believe upstream has addressed this yet.  It sounds like a very minor issue.

Mageia 4 and Mageia 5 are affected.

Reproducible: 

Steps to Reproduce:
David Walser 2015-03-24 15:18:55 CET

Whiteboard: (none) => MGA5TOO, MGA4TOO

Sander Lepik 2015-03-28 23:05:19 CET

CC: (none) => mageia
Assignee: thierry.vignaud => shlomif

Comment 1 Shlomi Fish 2015-03-30 09:40:10 CEST 
The patch does not apply to our sources. I filed a comment on the RedHat bugzilla to ask about it:

https://bugzilla.redhat.com/show_bug.cgi?id=1084577#c6
Comment 2 Shlomi Fish 2015-03-31 14:03:01 CEST 
(In reply to Shlomi Fish from comment #1)
> The patch does not apply to our sources. I filed a comment on the RedHat
> bugzilla to ask about it:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1084577#c6

That functionality was removed in CUPS-1.6 so it does not apply to us.

Closing.

Status: NEW => RESOLVED
Resolution: (none) => INVALID