[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-47175/{cups,libppd)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 27 20:18:15 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a792c46 by Salvatore Bonaccorso at 2024-09-27T21:16:32+02:00
Update status for CVE-2024-47175/{cups,libppd)
libppd itself in Debian used a very old version, and is not affected by
the issue, but cups, embedding newer versions, is. Update the tracking to
reflect this status and add additional commits related to this update
for cups itself in the 2.4.x series.
Link: https://www.openwall.com/lists/oss-security/2024/09/27/3
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -455,10 +455,17 @@ CVE-2024-47177 (CUPS is a standards-based, open-source printing system, and cups
NOTE: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
CVE-2024-47175 (CUPS is a standards-based, open-source printing system, and `libppd` c ...)
- cups <unfixed>
- - libppd <removed>
+ - libppd <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
NOTE: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
+ NOTE: Introduced after: https://github.com/OpenPrinting/libppd/commit/788993656f8e9260961c42c140ff2b5a07d364aa (2.0b1)
NOTE: Fixed by: https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477
+ NOTE: Additional bugfixes (https://www.openwall.com/lists/oss-security/2024/09/27/3)
+ NOTE: https://github.com/OpenPrinting/cups/commit/9939a70b750edd9d05270060cc5cf62ca98cfbe5
+ NOTE: https://github.com/OpenPrinting/cups/commit/04bb2af4521b56c1699a2c2431c56c05a7102e69
+ NOTE: https://github.com/OpenPrinting/cups/commit/e0630cd18f76340d302000f2bf6516e99602b844
+ NOTE: https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd
+ NOTE: https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b
CVE-2024-47076 (CUPS is a standards-based, open-source printing system, and `libcupsfi ...)
- libcupsfilters 2.0.0-3 (bug #1082821)
- cups-filters 1.28.17-5 (bug #1082827)
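Review bot: In the CVE-2024-47175 entry, the existing "Fixed by:" note and the new "Introduced after:" note both point at libppd commits, but after this change libppd is marked <not-affected> and the only package still open is cups (<unfixed>), so the notes no longer say which code base each commit belongs to. Consider naming the component in each note, for example "Introduced after (libppd): ..." and "Fixed by (libppd): ...", and say whether the five cups commits listed under "Additional bugfixes" are what the embedded copy in cups 2.4.x needs to resolve this CVE or are related hardening. As written, someone preparing the cups update has to open every link to find out which commits to backport.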
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a792c46be8418948adc4766edd50d000d4d6673