Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 11 Nov 2012 20:29:41 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Privilege escalation (lpadmin -> root) in cups

On sam., 2012-11-10 at 14:01 +0100, Yves-Alexis Perez wrote:
> On sam., 2012-11-10 at 13:49 +0100, Yves-Alexis Perez wrote:
> > Hi,
> > 
> > a Debian user reported a bug in our BTS concerning cupsd. The bug is
> > available at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791 and
> > upstream bug at http://www.cups.org/str.php?L4223 (restricted because
> > it's tagged security).
> > 
> By the way, it seems that the CUPS security contact at
> http://oss-security.openwall.org/wiki/software#cups doesn't work, I just
> received a bounce. Does someone know a mail address to reach them?
> 
Followup on that:

I had the information by the person reporting the bug #4223. He had an
answer there that the security contact for Apple was security@...le.com
and the one for CUPS was security@...s.org (which was notified because
the bug was tagged security).

I've edited the wiki to correct the information there.

Regards,
-- 
Yves-Alexis

Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.