Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ZZaHb6VD8pBjxDLr@kasco.suse.de>
Date: Thu, 4 Jan 2024 11:24:46 +0100
From: Matthias Gerstner <mgerstner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: hplip: security issues in `hpps` program due to
 fixed /tmp path usage in prnt/hpps/hppsfilter.c

On Fri, Nov 17, 2023 at 10:37:04AM +0100, Matthias Gerstner wrote:
> There is currently no upstream fix available for this issue and this
> publication happens after 90 days of attempted coordinated disclosure,
> but upstream did not react to my report.

I was just informed that upstream release 3.23.12 released on 2023-11-30
silently fixes this issue. The fix is based on the patch that I posted
on this list.

Best Regards

Matthias

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.