openkylin
/
cups
mirror of https://gitee.com/openkylin/cups.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

!5 CVE-2023-32360 安全更新:未经身份验证的用户可能能够访问最近打印的文档 

Merge pull request !5 from Meow Nova/openkylin/yangtze
This commit is contained in:
赵玉彪 2024-01-05 06:39:20 +00:00 committed by openkylin-cibot
parent 905019d147
commit 25e4191f25
2 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
debian/patches/0002-5-CVE-2023-32360.patch vendored Normal file
View File

@ -0,0 +1,31 @@
From: =?utf-8?b?6LW1546J5b2q?=
<6575250+zhao-yubiao-code@user.noreply.gitee.com>
Date: Fri, 5 Jan 2024 06:39:20 +0000
Subject: =?utf-8?b?ITUgQ1ZFLTIwMjMtMzIzNjAg5a6J5YWo5pu05paw77ya5pyq57uP6Lqr?=
=?utf-8?b?5Lu96aqM6K+B55qE55So5oi35Y+v6IO96IO95aSf6K6/6Zeu5pyA6L+R5omT5Y2w?=
=?utf-8?b?55qE5paH5qGjIE1lcmdlIHB1bGwgcmVxdWVzdCAhNSBmcm9tIE1lb3cgTm92YS9v?=
=?utf-8?b?cGVua3lsaW4veWFuZ3R6ZQ==?=
---
conf/cupsd.conf.in | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
index b258849..a07536f 100644
--- a/conf/cupsd.conf.in
+++ b/conf/cupsd.conf.in
@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
Order deny,allow
</Limit>
- <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+ </Limit>
+
+ <Limit CUPS-Get-Document>
+ AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

1
debian/patches/series vendored
View File

@ -1 +1,2 @@
0001-Apply-patchs.patch 0001-Apply-patchs.patch
0002-5-CVE-2023-32360.patch