MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: apt-listchanges: news for debian2
To: root@debian2
From: root

cups (1.4.4-7+squeeze2) stable-security; urgency=high

In order to mitigate a privilege escalation from the lpadmin to root
(CVE-2012-5519), the /etc/cups/cupsd.conf configuration file is split
in two configuration files:

* /etc/cups/cupsd.conf can be edited by members of the lpadmin group
through the cups web interface;
* /etc/cups/cups-files.conf can only be edited by root;

Many sensitive configuration statements can now only be set in
cups-files.conf. No statements have been moved automatically. Please
check the respective manpages.

-- Didier Raboud Sat, 29 Dec 2012 12:33:27 +0100


root@debian2:~# dpkg -l |grep cups
ii bluez-cups 4.66-3 Bluetooth printer driver for CUPS
ii cups 1.4.4-7+squeeze2 Common UNIX Printing System(tm) - server
ii cups-client 1.4.4-7+squeeze2 Common UNIX Printing System(tm) - client programs (SysV)