15562 – cups new security issue CVE-2014-8166

Bug 15562 - cups new security issue CVE-2014-8166

Summary: cups new security issue CVE-2014-8166

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Shlomi Fish
QA Contact:	Sec team

URL:
Whiteboard:	MGA5TOO, MGA4TOO
Keywords:

Depends on:
Blocks:

Reported:	2015-03-24 15:18 CET by David Walser
Modified:	2015-03-31 14:03 CEST (History)
CC List:	1 user (show)

See Also:
Source RPM:	cups-2.0.2-2.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-03-24 15:18:49 CET

A security issue in CUPS has been announced:
http://openwall.com/lists/oss-security/2015/03/24/2

A patch for the issue in RedHat's Bugzilla is linked in the message above.

I don't believe upstream has addressed this yet.  It sounds like a very minor issue.

Mageia 4 and Mageia 5 are affected.

Reproducible: 

Steps to Reproduce:

David Walser 2015-03-24 15:18:55 CET

Whiteboard: (none) => MGA5TOO, MGA4TOO

Sander Lepik 2015-03-28 23:05:19 CET

CC: (none) => mageia
Assignee: thierry.vignaud => shlomif

Comment 1 Shlomi Fish 2015-03-30 09:40:10 CEST

The patch does not apply to our sources. I filed a comment on the RedHat bugzilla to ask about it:

https://bugzilla.redhat.com/show_bug.cgi?id=1084577#c6

Comment 2 Shlomi Fish 2015-03-31 14:03:01 CEST

(In reply to Shlomi Fish from comment #1)
> The patch does not apply to our sources. I filed a comment on the RedHat
> bugzilla to ask about it:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1084577#c6

That functionality was removed in CUPS-1.6 so it does not apply to us.

Closing.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Note You need to log in before you can comment on or make changes to this bug.