Subject: CUPS vulnerabilities fixed? Need to update pkg-vulnerabilities file
To: None <tech-pkg@netbsd.org, jlam@pkgsrc.org>
From: Andrew Daugherity <andrew.daugherity@gmail.com>
List: tech-pkg
Date: 02/22/2006 22:35:45
I see that the new CUPS package (1.1.23nb7) has supposedly fixed the
security issue:
[From CVS log for print/cups/Makefile, Revision 1.103.2.1]
  Port the security fixes for SA18303 from print/xpdf to print/cups.

Thanks for importing the patches!

However, the pkg-vulnerabilities file still shows all versions of CUPS
as being vulnerable:
cups-[0-9]*             1721,denial-of-service        =20
http://secunia.com/advisories/18332/
cups-[0-9]*             1722,arbitrary-code-execution =20
http://secunia.com/advisories/18332/

If the recent patches have indeed corrected these advisories, could
someone please update the pkg-vulnerabilities file?  (Note that SA
18332 is for CUPS, 18303 is for xpdf, but they seem to describe the
same vulnerability.)


Regards,

Andrew Daugherity