Bug number - 692791

Part of package: cups.

Bug description:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
Debian Bug report logs -  #692791 members of lpadmin can read every file on server via cups
Package:      cups; Maintainer for cups is Debian Printing Team <debian-printing@lists.debian.org>; Source for cups is src:cups (PTS, buildd, popcon).
Reported by: Jörg Ludwig <joerg.ludwig@iserv.eu>
Date: Thu,  8 Nov 2012 22:48:02 UTC
Severity: critical
Tags: security
Found in versions cups/1.4.4-7+squeeze1, cups/1.5.3-2.6, cups/1.5.3-2.4
Fixed in versions cups/1.5.3-2.7, cups/1.4.4-7+squeeze2, cups/1.6.1-1
Done: Didier Raboud <odyx@debian.org>
Bug is archived. No further changes may be made.Forwarded to https://www.cups.org/str.php?L4223

All x-patch and x-diff attachments.

Patch	Author	Date
CVE-2012-5519.patch	Marc Deslauriers <marc.deslauriers@canonical.com>	Tue, 27 Nov 2012 09:30:46 -0500
CVE-2012-5519.patch	"Didier 'OdyX' Raboud" <odyx@debian.org>	Tue, 27 Nov 2012 21:51:31 +0100
split-configuration-files-STR4223.patch	"Didier 'OdyX' Raboud" <odyx@debian.org>	Fri, 30 Nov 2012 11:26:12 +0100
cups_1.4.4-7+squeeze2~OdyX0.debdiff	"Didier 'OdyX' Raboud" <odyx@debian.org>	Sat, 8 Dec 2012 01:58:46 +0100

Original bug report here.