[cups-devel] [HIGH] STR #4455: Incomplete fix for CVE-2014-3537 (CVE-2014-5029/5030/5031)

Tim Waugh noreply at cups.org
Thu Jul 31 01:45:10 PDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR Resolved]

The world-readability test breaks authenticated 'GET /admin/log/error_log'
requests. Is that intentional?

Link: https://www.cups.org/str.php?L4455
Version: 1.7.4
Fix Version: 2.0-current (r12055)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJT2gIWAAoJENujp6sI12Iji/QQAJX8EatPo8hu8ofVY/dblEcd
rOhf1YOHKpZf5arWFxWhjSXKY6vzWVlSd3CVlhBIRXbk3l9QNEJGn3r6aFzkXyBC
IgqWrrgZjfr1q8DpNVDsnT31IA5lMtYqoBI6Ga0iYVgEFqkWnEjbivlmfqX8mz0u
RDlKD46VzU0rZjGYO/ChtolW6PsN/5bbvAwrYzt4uoomvRkUnBbpEQ3l4wLfg3As
pujLI4JfnWzqMRf19SCdSy+hlVMs12yqgRGhhSMEJ8E6ytBV7REONxBB0PP33OKs
6zNmA5uElPmDDnR3Vsdt9+OvG9SqjvppoY4YeUqnSYijtc2DBkxaZ8O62kAgACjW
StdTeDOw9cS7w3ZQrU/sEhYbFp8HQNAxBDx4Awdm9RSGNaSZcxpCMfhvpPiwIokf
/dd3ctdkLEBxzDNa1FnMtplqttnVhEukSNQeykgWZ7xdlI6N6Kd8vCvLDhvNY+iz
mWUsvmhi3xSCLvG2P3v6IGHFEMQ9hGyahiu6/H0/+UbIsl2GPpHJB4eVgFyP/nWl
xyOR2BfD7l0Z8jk027kN61awTyp7x1RcI986gaGJhLgStHPQ3YR/cdJYNxYWo0Q4
05bEKenA1tSiBdS5mSduuxFeKXvX8xK02Rai0DAiEAFRmcLa6nDXfnD5Epsk/Xca
ICjcAGfQPYZPTzyoIVx7
=T61I
-----END PGP SIGNATURE-----




More information about the cups mailing list