[ubuntu/resolute-proposed] cups 2.4.12-0ubuntu5 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Dec 4 16:50:18 UTC 2025 

cups (2.4.12-0ubuntu5) resolute; urgency=medium

  * SECURITY UPDATE: Slow client communication leads to a possible DoS
    attack
    - debian/patches/CVE-2025-58436-1.patch: fix unresponsive cupsd process
      caused by a slow client in cups/http-private.h, cups/http.c,
      cups/tls-openssl.c, scheduler/client.c, scheduler/client.h,
      scheduler/select.c.
    - debian/patches/CVE-2025-58436-2.patch: fix an infinite loop issue in
      GTK+ in cups/http.c.
    - CVE-2025-58436
  * SECURITY REGRESSION: issue with invalid configuration (LP: #2133207)
    - debian/patches/lp2133207.patch: fix stopping scheduler on unknown
      directive in scheduler/conf.c.

Date: Thu, 04 Dec 2025 11:25:07 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/cups/2.4.12-0ubuntu5
-------------- next part --------------
Format: 1.8
Date: Thu, 04 Dec 2025 11:25:07 -0500
Source: cups
Built-For-Profiles: noudeb
Architecture: source
Version: 2.4.12-0ubuntu5
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Launchpad-Bugs-Fixed: 2133207
Changes:
 cups (2.4.12-0ubuntu5) resolute; urgency=medium
 .
   * SECURITY UPDATE: Slow client communication leads to a possible DoS
     attack
     - debian/patches/CVE-2025-58436-1.patch: fix unresponsive cupsd process
       caused by a slow client in cups/http-private.h, cups/http.c,
       cups/tls-openssl.c, scheduler/client.c, scheduler/client.h,
       scheduler/select.c.
     - debian/patches/CVE-2025-58436-2.patch: fix an infinite loop issue in
       GTK+ in cups/http.c.
     - CVE-2025-58436
   * SECURITY REGRESSION: issue with invalid configuration (LP: #2133207)
     - debian/patches/lp2133207.patch: fix stopping scheduler on unknown
       directive in scheduler/conf.c.
Checksums-Sha1:
 3fbce3a110f99dd74e77b1c57e2ee94c414071f5 3203 cups_2.4.12-0ubuntu5.dsc
 c3bca8fd36234b24a0afcc820193efab9f663b95 408260 cups_2.4.12-0ubuntu5.debian.tar.xz
 cdba2ddb669264b5ff09d09f564f1fd4a8144d67 11338 cups_2.4.12-0ubuntu5_source.buildinfo
Checksums-Sha256:
 a85b1ff4b2ee6c4be6ddc4c363634cc3aa797a6b7ab801c42c09b360c7cca1b3 3203 cups_2.4.12-0ubuntu5.dsc
 fc339366e8ae71f0a5f675da2199931623c5476a0788f15a9181e787baf7c6b2 408260 cups_2.4.12-0ubuntu5.debian.tar.xz
 bf4c502f728852463c457d70d332e7d33c8ae9cc5d40b787d83545b901ba057a 11338 cups_2.4.12-0ubuntu5_source.buildinfo
Files:
 f979862a29bb45796c58709e83ed0814 3203 net optional cups_2.4.12-0ubuntu5.dsc
 4dace8df4cecd2bbfda7e287434af0ea 408260 net optional cups_2.4.12-0ubuntu5.debian.tar.xz
 3aed6308a0d302a5e5b13c866c2fe4b0 11338 net optional cups_2.4.12-0ubuntu5_source.buildinfo
Original-Maintainer: Debian Printing Team <debian-printing at lists.debian.org>

More information about the Resolute-changes mailing list