[v2.5] cups: incomplete fix for CVE-2014-3537 (CVE-2014-5029 CVE-2014-5030 CVE-2014-5031)
Incomplete fix for CVE-2014-3537 (http://www.cups.org/str.php?L4450) results in CVE-2014-5029/5030/5031.
Affected versions: could be CUPS before 1.7.4.
Patches are available for 2.0 and 1.7:
2.0: https://cups.org/strfiles.php/3370/str4455\_v2.patch
1.7: https://cups.org/strfiles.php/3371/str4455-1.7.patch
References:
https://cups.org/str.php?L4455
http://seclists.org/oss-sec/2014/q3/220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031
(from redmine: issue id 3251, created on 2014-07-29, closed on 2014-08-22)
- Relations:
- parent #3250 (closed)
- Changesets:
- Revision e2856516 by Natanael Copa on 2014-08-21T09:39:08Z:
main/cups: security fix (CVE-2014-3537,CVE-2014-5029,5030,5031)
fixes #3251