[v2.7] cups: multiple fixes (CVE-2013-6891 CVE-2014-2856)
CVE-2014-2856:
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common
Unix Printing System (CUPS) before 1.7.2 allows remote attackers to
inject arbitrary web script or HTML via the URL path, related to the
is_path_absolute function.
• MLIST:[oss-security] 20140414 CVE request: cross-site scripting issue fixed in CUPS 1.7.2
• URL: http://www.openwall.com/lists/oss-security/2014/04/14/2
• MLIST:[oss-security] 20140415 Re: CVE request: cross-site scripting issue fixed in CUPS 1.7.2
• URL: http://www.openwall.com/lists/oss-security/2014/04/15/3
• CONFIRM: http://www.cups.org/documentation.php/relnotes.html
• CONFIRM: http://www.cups.org/str.php?L4356
• SECUNIA:57880
• URL: http://secunia.com/advisories/57880
(from redmine: issue id 2951, created on 2014-05-23, closed on 2014-06-24)
- Relations:
  - parent #2948 (closed)
- Changesets:
  - Revision 2ade857a by Natanael Copa on 2014-05-28T16:23:33Z:
    main/cups: security upgrade to 1.7.3 (CVE-2014-2856)
    fixes #2951