No subject


Fri Oct 14 12:31:44 PDT 2016


The first release candidate for version 1.1.23 of the Common
UNIX Printing System ("CUPS") is now available for download from
the CUPS web site at:

     http://www.cups.org/software.php

In accordance with the CUPS Configuration Management Plan, you
now have until Friday, December 31st to test this release
candidate to determine if there are any high-priority problems
and report them using the Software Trouble Report form at:

     http://www.cups.org/str.php

Reports sent to the CUPS newsgroups or mailing lists are not
automatically entered into the trouble report database and will
not influence the final production release of 1.1.23, so it is
very important that you report any problems you identify using
the form.

CUPS 1.1.23 is a bug fix release which fixes two security
vulnerabilities reported by Daniel J. Bernstein (djb at cr.yp.to).
The new release also contains other minor bug and documentation
fixes that are not security related.


CHANGES IN CUPS V1.1.23rc1

	- The lpr man page did not document the "-U" option (STR
	  #998)
	- The scheduler no longer sends the page-set option when
	  printing banner pages (STR #995)
	- Fixed a debug message in the imagetops filter (STR
	  #1012)
	- The lprm man page listed the "-" option in the wrong
	  order (STR #911)
	- The hpgltops filter contained two buffer overflows
	  that could potentially allow remote access to the "lp"
	  account (STR #1024)
	- The lppasswd command did not protect against file
	  descriptor or ulimit attacks (STR #1023)
	- The "lpc status" command used the wrong resource path
	  when querying the list of printers and jobs, causing
	  unnecessary authentication requests (STR #1018)
	- The httpWait() function did not handle signal
	  interruptions (STR #1020)
	- The USB backend used the wrong size status variable
	  when checking the printer status (STR #1017)
	- The scheduler did not delete classes from other
	  classes or implicit classes, which could cause a crash
	  (STR #1015)
	- The IPP backend now logs the remote print job ID at
	  log level NOTICE instead of INFO (so it shows up in
	  the error_log file...)





More information about the cups mailing list