diff options
| author | Didier Raboud <odyx@debian.org> | 2014-07-30 09:02:13 +0200 |
|---|---|---|
| committer | Didier Raboud <odyx@debian.org> | 2014-07-30 09:02:30 +0200 |
| commit | 9a51df8615b25939e5a04e9403d7608a23b9ec98 (patch) | |
| tree | b934ad661a0a286dbc747a143e70d591f7377764 | |
| parent | 011ac69c53d1a886f1ee10deb819424a1c49090d (diff) | |
| download | cups-debian/1.4.4-7+squeeze6.tar.gz | |
cups 1.4.4-7+squeeze6 Debian squeeze-lts release.debian/1.4.4-7+squeeze6
| -rw-r--r-- | debian/changelog | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 74f57bc3..562d58a8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +cups (1.4.4-7+squeeze6) squeeze-lts; urgency=medium + + * Backport upstream patches to fix: + - insufficient checking when allowing files download from the webinterface + (STR #4455), fixes CVE-2014-5029, CVE-2014-5030 and CVE-2014-5031 + - privilege escalation through the CUPS webinterface (STR #4450), fixes + CVE-2014-3537. + + -- Didier Raboud <odyx@debian.org> Wed, 30 Jul 2014 09:02:13 +0200 + cups (1.4.4-7+squeeze5) oldstable; urgency=low * Import upstream patch to fix XSS in the CUPS webinterface (STR #4356), |