public inbox for buildroot@busybox.net
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] package/cups: security bump to v2.4.16
@ 2026-02-26  8:44 Thomas Perale via buildroot
  2026-02-26 15:46 ` Peter Korsgaard
  2026-03-06 19:53 ` Thomas Perale via buildroot
  0 siblings, 2 replies; 3+ messages in thread
From: Thomas Perale via buildroot @ 2026-02-26  8:44 UTC (permalink / raw)
  To: buildroot; +Cc: Angelo Compagnucci, Olivier Schonken

For more information on the version bump, see:
  - https://github.com/OpenPrinting/cups/blob/v2.4.16/CHANGES.md
  - https://github.com/OpenPrinting/cups/releases/tag/v2.4.16
  - https://github.com/OpenPrinting/cups/releases/tag/v2.4.15

Fixes the following vulnerabilities:

- CVE-2025-58436:
    OpenPrinting CUPS is an open source printing system for Linux and
    other Unix-like operating systems. Prior to version 2.4.15, a client
    that connects to cupsd but sends slow messages, e.g. only one byte per
    second, delays cupsd as a whole, such that it becomes unusable by
    other clients.

For more information, see
  - https://www.cve.org/CVERecord?id=CVE-2025-58436
  - https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4

- CVE-2025-61915:
    OpenPrinting CUPS is an open source printing system for Linux and
    other Unix-like operating systems. Prior to version 2.4.15, a user in
    the lpadmin group can use the cups web ui to change the config and
    insert a malicious line. Then the cupsd process which runs as root
    will parse the new config and cause an out-of-bound write.

For more information, see
  - https://www.cve.org/CVERecord?id=CVE-2025-61915
  - https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
 package/cups/cups.hash | 2 +-
 package/cups/cups.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/cups/cups.hash b/package/cups/cups.hash
index a200a82deb..7c08a68c10 100644
--- a/package/cups/cups.hash
+++ b/package/cups/cups.hash
@@ -1,4 +1,4 @@
 # Locally calculated:
-sha256  660288020dd6f79caf799811c4c1a3207a48689899ac2093959d70a3bdcb7699  cups-2.4.14-source.tar.gz
+sha256  0339587204b4f9428dd0592eb301dec0bf9ea6ea8dce5d9690d56be585aba92d  cups-2.4.16-source.tar.gz
 sha256  cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  LICENSE
 sha256  977206f041b9a6f47ac00531e1242c0fab7063da71178f8d868b167b70866b6d  NOTICE
diff --git a/package/cups/cups.mk b/package/cups/cups.mk
index e6de671174..d3e6094c67 100644
--- a/package/cups/cups.mk
+++ b/package/cups/cups.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CUPS_VERSION = 2.4.14
+CUPS_VERSION = 2.4.16
 CUPS_SOURCE = cups-$(CUPS_VERSION)-source.tar.gz
 CUPS_SITE = https://github.com/OpenPrinting/cups/releases/download/v$(CUPS_VERSION)
 CUPS_LICENSE = Apache-2.0 with GPL-2.0/LGPL-2.0 exception
-- 
2.53.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/cups: security bump to v2.4.16
  2026-02-26  8:44 [Buildroot] [PATCH] package/cups: security bump to v2.4.16 Thomas Perale via buildroot
@ 2026-02-26 15:46 ` Peter Korsgaard
  2026-03-06 19:53 ` Thomas Perale via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2026-02-26 15:46 UTC (permalink / raw)
  To: Thomas Perale via buildroot
  Cc: Thomas Perale, Angelo Compagnucci, Olivier Schonken

>>>>> "Thomas" == Thomas Perale via buildroot <buildroot@buildroot.org> writes:

 > For more information on the version bump, see:
 >   - https://github.com/OpenPrinting/cups/blob/v2.4.16/CHANGES.md
 >   - https://github.com/OpenPrinting/cups/releases/tag/v2.4.16
 >   - https://github.com/OpenPrinting/cups/releases/tag/v2.4.15

 > Fixes the following vulnerabilities:

 > - CVE-2025-58436:
 >     OpenPrinting CUPS is an open source printing system for Linux and
 >     other Unix-like operating systems. Prior to version 2.4.15, a client
 >     that connects to cupsd but sends slow messages, e.g. only one byte per
 >     second, delays cupsd as a whole, such that it becomes unusable by
 >     other clients.

 > For more information, see
 >   - https://www.cve.org/CVERecord?id=CVE-2025-58436
 >   - https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4

 > - CVE-2025-61915:
 >     OpenPrinting CUPS is an open source printing system for Linux and
 >     other Unix-like operating systems. Prior to version 2.4.15, a user in
 >     the lpadmin group can use the cups web ui to change the config and
 >     insert a malicious line. Then the cupsd process which runs as root
 >     will parse the new config and cause an out-of-bound write.

 > For more information, see
 >   - https://www.cve.org/CVERecord?id=CVE-2025-61915
 >   - https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0

 > Signed-off-by: Thomas Perale <thomas.perale@mind.be>

Committed, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/cups: security bump to v2.4.16
  2026-02-26  8:44 [Buildroot] [PATCH] package/cups: security bump to v2.4.16 Thomas Perale via buildroot
  2026-02-26 15:46 ` Peter Korsgaard
@ 2026-03-06 19:53 ` Thomas Perale via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Perale via buildroot @ 2026-03-06 19:53 UTC (permalink / raw)
  To: Thomas Perale; +Cc: buildroot

In reply of:
> For more information on the version bump, see:
>   - https://github.com/OpenPrinting/cups/blob/v2.4.16/CHANGES.md
>   - https://github.com/OpenPrinting/cups/releases/tag/v2.4.16
>   - https://github.com/OpenPrinting/cups/releases/tag/v2.4.15
> 
> Fixes the following vulnerabilities:
> 
> - CVE-2025-58436:
>     OpenPrinting CUPS is an open source printing system for Linux and
>     other Unix-like operating systems. Prior to version 2.4.15, a client
>     that connects to cupsd but sends slow messages, e.g. only one byte per
>     second, delays cupsd as a whole, such that it becomes unusable by
>     other clients.
> 
> For more information, see
>   - https://www.cve.org/CVERecord?id=CVE-2025-58436
>   - https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4
> 
> - CVE-2025-61915:
>     OpenPrinting CUPS is an open source printing system for Linux and
>     other Unix-like operating systems. Prior to version 2.4.15, a user in
>     the lpadmin group can use the cups web ui to change the config and
>     insert a malicious line. Then the cupsd process which runs as root
>     will parse the new config and cause an out-of-bound write.
> 
> For more information, see
>   - https://www.cve.org/CVERecord?id=CVE-2025-61915
>   - https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0
> 
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>

Applied to 2025.02.x & 2025.11.x. Thanks

> ---
>  package/cups/cups.hash | 2 +-
>  package/cups/cups.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/package/cups/cups.hash b/package/cups/cups.hash
> index a200a82deb..7c08a68c10 100644
> --- a/package/cups/cups.hash
> +++ b/package/cups/cups.hash
> @@ -1,4 +1,4 @@
>  # Locally calculated:
> -sha256  660288020dd6f79caf799811c4c1a3207a48689899ac2093959d70a3bdcb7699  cups-2.4.14-source.tar.gz
> +sha256  0339587204b4f9428dd0592eb301dec0bf9ea6ea8dce5d9690d56be585aba92d  cups-2.4.16-source.tar.gz
>  sha256  cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  LICENSE
>  sha256  977206f041b9a6f47ac00531e1242c0fab7063da71178f8d868b167b70866b6d  NOTICE
> diff --git a/package/cups/cups.mk b/package/cups/cups.mk
> index e6de671174..d3e6094c67 100644
> --- a/package/cups/cups.mk
> +++ b/package/cups/cups.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -CUPS_VERSION = 2.4.14
> +CUPS_VERSION = 2.4.16
>  CUPS_SOURCE = cups-$(CUPS_VERSION)-source.tar.gz
>  CUPS_SITE = https://github.com/OpenPrinting/cups/releases/download/v$(CUPS_VERSION)
>  CUPS_LICENSE = Apache-2.0 with GPL-2.0/LGPL-2.0 exception
> -- 
> 2.53.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-03-06 19:53 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-26  8:44 [Buildroot] [PATCH] package/cups: security bump to v2.4.16 Thomas Perale via buildroot
2026-02-26 15:46 ` Peter Korsgaard
2026-03-06 19:53 ` Thomas Perale via buildroot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox