diff options
Diffstat (limited to 'debian/cups.NEWS')
-rw-r--r-- | debian/cups.NEWS | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/debian/cups.NEWS b/debian/cups.NEWS new file mode 100644 index 000000000..d4a087d0d --- /dev/null +++ b/debian/cups.NEWS @@ -0,0 +1,15 @@ +cups (1.5.3-2.7) unstable; urgency=low + + In order to mitigate a privilege escalation from the lpadmin to root + (CVE-2012-5519), the /etc/cups/cupsd.conf configuration file is split + in two configuration files: + + * /etc/cups/cupsd.conf can be edited by members of the lpadmin group + through the cups web interface; + * /etc/cups/cups-files.conf can only be edited by root; + + Many sensitive configuration statements can now only be set in + cups-files.conf. No statements have been moved automatically. Please + check the respective manpages. + + -- Didier Raboud <odyx@debian.org> Tue, 04 Dec 2012 12:13:14 +0100 |