oss-sec mailing list archives

Re: hplip: security issues in `hpps` program due to fixed /tmp path usage in prnt/hpps/hppsfilter.c


From: Matthias Gerstner <mgerstner () suse de>
Date: Mon, 20 Nov 2023 14:39:02 +0100

Hi,

thank you both for your suggestions. I just reached out to
hp-security-alert () hp com about this.

There are a couple of other hplip issues I know of that have also been
left unattended for a long time that I mentioned there as well.

Best Regards

Matthias

On Sun, Nov 19, 2023 at 07:11:37AM -0500, Mike O'Connor wrote:
[removing security () hpe com from the Cc:]

This is for hp.com product security, not hpe.com.  HP and HPE are two
separate companies, and HPE isn't the printer company.  

To report a potential security vulnerability with an HP product,
contact: hp-security-alert () hp com

Both HPE and HP are CVE CNAs.  Here's HP's CVE CNA information:
https://www.cve.org/PartnerInformation/ListofPartners/partner/hp


HTH,
-Mike


:Thanks for making the community aware of this issue.
:
:Perhaps security () hpe com can help to route internally to get a CVE issued
:and find the appropriate owners to fix.
