oss-sec mailing list archives
CVE request: CUPS DoS via RSS subscriptions
From: Kees Cook <kees () ubuntu com>
Date: Wed, 19 Nov 2008 11:07:45 -0800
Hello! I'd like to get a CVE assigned for the RSS subscription DoS mentioned here[1]. It seems that CUPS upstream already fixed[2] the issue[3] in their 1.3.8 release. Prior to 1.3.8, the server can be made to crash when visiting a malicious website due to CUPS general CSRF issues. Thanks, -Kees [1] https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241 http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ [2] http://www.cups.org/strfiles/2774/str2774.patch [3] http://www.cups.org/str.php?L2774 -- Kees Cook Ubuntu Security Team
Current thread:
- CVE request: CUPS DoS via RSS subscriptions Kees Cook (Nov 19)
- Re: CVE request: CUPS DoS via RSS subscriptions Steven M. Christey (Nov 20)
- Re: CVE request: CUPS DoS via RSS subscriptions Eygene Ryabinkin (Nov 20)
- Re: CVE request: CUPS DoS via RSS subscriptions Michael Sweet (Nov 21)
- Re: CVE request: cups - potential integer overflow in PNG image reader [was: CUPS DoS via RSS subscriptions] Jan Lieskovsky (Nov 25)
- Re: CVE request: cups - potential integer overflow in PNG image reader [was: CUPS DoS via RSS subscriptions] Eygene Ryabinkin (Nov 25)
- Re: CVE request: cups - potential integer overflow in PNG image reader [was: CUPS DoS via RSS subscriptions] Tomas Hoger (Nov 25)
- Message not available
- Message not available
- Re: CVE request: cups - potential integer overflow in PNG image reader [was: CUPS DoS via RSS subscriptions] Tomas Hoger (Dec 03)
- Re: CVE request: CUPS DoS via RSS subscriptions Eygene Ryabinkin (Nov 20)
- Re: CVE request: CUPS DoS via RSS subscriptions Steven M. Christey (Nov 20)
- <Possible follow-ups>
- Re: CVE request: CUPS DoS via RSS subscriptions Josh Bressers (Nov 19)
- Re: CVE request: CUPS DoS via RSS subscriptions Eygene Ryabinkin (Nov 19)
- Re: CVE request: CUPS DoS via RSS subscriptions Michael Sweet (Nov 19)
- Re: CVE request: CUPS DoS via RSS subscriptions Eygene Ryabinkin (Nov 19)