Skip to content

cups: Fix 6 CVE security vulnerabilities#14

Open
deepin-ci-robot wants to merge 1 commit into
masterfrom
fix/CVE-2026-39316-multi
Open

cups: Fix 6 CVE security vulnerabilities#14
deepin-ci-robot wants to merge 1 commit into
masterfrom
fix/CVE-2026-39316-multi

Conversation

@deepin-ci-robot
Copy link
Copy Markdown
Contributor

@deepin-ci-robot deepin-ci-robot commented Apr 15, 2026

Security Update

This PR fixes 6 critical security vulnerabilities in cups:

CVE List

  • CVE-2026-39316: use-after-free in cupsdDeleteTemporaryPrinters()
  • CVE-2026-39314: integer underflow in _ppdCreateFromIPP()
  • CVE-2026-34990: Authorization token vulnerability
  • CVE-2026-34980: page-border injection vulnerability
  • CVE-2026-34979: heap-based buffer overflow in filter options
  • CVE-2026-34978: RSS notifier path traversal

Changes

  • Added 6 security patches to debian/patches/
  • Updated debian/patches/series
  • Updated debian/changelog

Upstream Fixes

Testing

  • All patches apply cleanly with quilt
  • Build verification recommended

@deepin-ci-robot
cups: Fix 6 CVE security vulnerabilities
3c8e85a 
Fix CVE-2026-39316: use-after-free in cupsdDeleteTemporaryPrinters()
Fix CVE-2026-39314: integer underflow in _ppdCreateFromIPP()
Fix CVE-2026-34990: Authorization token vulnerability
Fix CVE-2026-34980: page-border injection vulnerability
Fix CVE-2026-34979: heap-based buffer overflow in filter options
Fix CVE-2026-34978: RSS notifier path traversal

Upstream fixes:
- OpenPrinting/cups@0142eeb
- OpenPrinting/cups@928a86b
- OpenPrinting/cups@e052dc4
- OpenPrinting/cups@8d0f51c
- OpenPrinting/cups@0ff8897
- OpenPrinting/cups@730347c
@deepin-ci-robot
Copy link
Copy Markdown
Contributor Author

deepin-ci-robot commented Apr 15, 2026

/hold
因为该quilt包的上游版本号变更,详情见: deepin-community/infra-settings#134

@deepin-ci-robot
Copy link
Copy Markdown
Contributor Author

deepin-ci-robot commented Apr 15, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign zeno-sole for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 15, 2026

TAG Bot

TAG: 2.4.16-1deepin4
EXISTED: no
DISTRIBUTION: unstable

@deepin-community-ci-bot
Copy link
Copy Markdown

deepin-community-ci-bot Bot commented Apr 21, 2026

TAG Bot

New tag: 2.4.16-1deepin4
DISTRIBUTION: unstable
Suggest: synchronizing this PR through rebase #16

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chenchongbiao chenchongbiao Awaiting requested review from chenchongbiao

@justforlxz justforlxz Awaiting requested review from justforlxz

Assignees

No one assigned

Labels

do-not-merge/hold generated-by-ai

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@deepin-ci-robot @UTsweetyfish