From: Julien Olivain via buildroot <buildroot@buildroot.org>
To: Thomas Perale <thomas.perale@mind.be>
Cc: buildroot@buildroot.org,
Angelo Compagnucci <angelo.compagnucci@gmail.com>,
Olivier Schonken <olivier.schonken@gmail.com>
Subject: Re: [Buildroot] [PATCH] package/cups: security bump to v2.4.17
Date: Mon, 20 Apr 2026 22:57:23 +0200 [thread overview]
Message-ID: <2da1be3a1748889af9c813293acbee15@free.fr> (raw)
In-Reply-To: <20260420195520.191853-1-thomas.perale@mind.be>
On 20/04/2026 21:55, Thomas Perale via buildroot wrote:
> For more information about the release, see:
>
> - https://github.com/OpenPrinting/cups/releases/tag/v2.4.17
> - https://github.com/OpenPrinting/cups/blob/2.4.x/CHANGES.md
>
> The new release 2.4.17 contains the following security fixes:
>
> - CVE-2026-27447: The scheduler treated local user and group names as
> case-insensitive.
> https://www.cve.org/CVERecord?id=CVE-2026-27447
>
> - CVE-2026-34978: The RSS notifier could write outside the scheduler's
> RSS directory.
> https://www.cve.org/CVERecord?id=CVE-2026-34978
>
> - CVE-2026-34979: The scheduler did not always allocate enough memory
> for a job's options string.
> https://www.cve.org/CVERecord?id=CVE-2026-34979
>
> - CVE-2026-34980: The scheduler did not filter control characters from
> option values.
> https://www.cve.org/CVERecord?id=CVE-2026-34980
>
> - CVE-2026-34990: The scheduler incorrectly allowed local certificates
> over the loopback interface.
> https://www.cve.org/CVERecord?id=CVE-2026-34990
>
> - CVE-2026-39314: Fixed the range check for job password strings.
> https://www.cve.org/CVERecord?id=CVE-2026-39314
>
> - CVE-2026-39316: Fixed a printer subscription bug in the scheduler.
> https://www.cve.org/CVERecord?id=CVE-2026-39316
>
> - CVE-2026-41079: Fixed a SNMP string conversion bug in the backends.
> https://www.cve.org/CVERecord?id=CVE-2026-41079
>
> Also updated patch offsets.
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Applied to master, thanks.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2026-04-20 20:57 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-20 19:55 [Buildroot] [PATCH] package/cups: security bump to v2.4.17 Thomas Perale via buildroot
2026-04-20 20:57 ` Julien Olivain via buildroot [this message]
2026-05-04 14:47 ` Thomas Perale via buildroot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2da1be3a1748889af9c813293acbee15@free.fr \
--to=buildroot@buildroot.org \
--cc=angelo.compagnucci@gmail.com \
--cc=ju.o@free.fr \
--cc=olivier.schonken@gmail.com \
--cc=thomas.perale@mind.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox