Accepting request 41683 from home:jsmeix:branches:Printing

Copy from home:jsmeix:branches:Printing/cups via accept of submit request 41683 revision 2. Request was accepted with message: Bugfix version upgrade to CUPS 1.4.4 which fixes in particular bnc#601830, bnc#601352, bnc#604271 OBS-URL: https://build.opensuse.org/request/show/41683 OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=200
2010-06-18 08:05:06 +00:00
parent 0a33202b6c
commit f2db012a5a
4 changed files with 32 additions and 6 deletions
--- a/cups.changes
+++ b/cups.changes
@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Fri Jun 18 09:11:02 CEST 2010 - jsmeix@suse.de
+
+- Upgraded to CUPS 1.4.4
+  CUPS 1.4.4 fixes several security, scheduler, printing,
+  and conformance issues, in particular:
+  * The web interface now includes additional CSRF protection
+    (CVE-2010-0540, STR #3498, STR #3593, and
+     Novell/Suse Bugzilla bnc#601830)
+  * The texttops filter did not check the results of allocations
+    (CVE-2010-0542, STR #3516, Novell/Suse Bugzilla bnc#601352)
+  * The web admin interface could disclose the contents of memory
+    (CVE-2010-1748, STR #3577, Novell/Suse Bugzilla bnc#604271)
+  * The fix for CVE-2009-3553 (STR #3200) was incomplete
+    for systems that use kqueue or epoll (STR #3490)
+  * CUPS could overwrite files as root in directories owned or
+    writable by non-root users (STR #3510)
+  * The OpenSSL interfaces have been made thread-safe and
+    the GNU TLS interface is explicitly forbidden
+    when threading is enabled (STR #3461)
+  * The scheduler could crash on restart if classes
+    were defined (STR #3524)
+  * The socket backend no longer waits for back-channel data
+    on platforms other than Mac OS X (STR #3495)
+  * For a complete list see the CHANGES.txt file.
+
 -------------------------------------------------------------------
 Mon Jun 14 14:47:29 CEST 2010 - vuntz@opensuse.org