UbuntuUpdates.org

Package "libfontembed-dev"

Name: libfontembed-dev

Description:

OpenPrinting CUPS Filters - Development files for font embed library

Latest version: 1.28.15-0ubuntu1.4
Release: jammy (22.04)
Level: updates
Repository: main
Head package: cups-filters
Homepage: http://www.openprinting.org/

Links


Download "libfontembed-dev"


Other versions of "libfontembed-dev" in Jammy

Repository Area Version
base main 1.28.15-0ubuntu1
security main 1.28.15-0ubuntu1.4

Changelog

Version: 1.28.15-0ubuntu1.4 2024-10-09 17:07:06 UTC

  cups-filters (1.28.15-0ubuntu1.4) jammy-security; urgency=medium

  * SECURITY UPDATE: more complete fix for CVE-2024-47176
    - debian/patches/CVE-2024-47176-2.patch: completely remove support for
      legacy CUPS protocol and LDAP.
    - CVE-2024-47176
  * debian/patches/sec-202409-1.patch: renamed to CVE-2024-47076.patch.
  * debian/patches/sec-202409-2.patch: renamed to CVE-2024-47176-1.patch.

 -- Marc Deslauriers <email address hidden> Tue, 08 Oct 2024 07:41:04 -0400

Source diff to previous version
CVE-2024-47176 CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, aut
CVE-2024-47076 CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as

Version: 1.28.15-0ubuntu1.3 2024-09-27 01:06:59 UTC

  cups-filters (1.28.15-0ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: PPD injection issues (LP: #2082335)
    - debian/patches/sec-202409-1.patch: validate response attributes
      before return in cupsfilters/ipp.c.
    - debian/patches/sec-202409-2.patch: disable legacy CUPS protocol in
      configure.ac.
    - CVE number pending

 -- Marc Deslauriers <email address hidden> Thu, 26 Sep 2024 10:21:15 -0400

Source diff to previous version

Version: 1.28.15-0ubuntu1.2 2023-05-17 18:07:23 UTC

  cups-filters (1.28.15-0ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: code execution in beh CUPS backend
    - debian/patches/CVE-2023-24805-1.patch: use execv() instead of
      system() in backend/beh.c.
    - debian/patches/CVE-2023-24805-2.patch: extra checks against
      odd/forged input in backend/beh.c.
    - debian/patches/CVE-2023-24805-3.patch: further improvements in
      backend/beh.c.
    - CVE-2023-24805

 -- Marc Deslauriers <email address hidden> Mon, 15 May 2023 10:35:05 -0400




About   -   Send Feedback to @ubuntu_updates