| Message ID | 20230817125236.985073-1-ramirez.clement3@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] package/cups: security bump version to 2.4.6 | expand |
Hello Clément! On Thu, 17 Aug 2023 14:52:36 +0200 Clement Ramirez <ramirez.clement3@gmail.com> wrote: > Fixes CVE-2023-34241 (see [0] for details) > > [0] https://github.com/OpenPrinting/cups/releases/tag/v2.4.6 > > Signed-off-by: Clement Ramirez <ramirez.clement3@gmail.com> > --- > package/cups/cups.hash | 2 +- > package/cups/cups.mk | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) Applied to master after extending the commit log to explain that bumping from 2.4.4 to 2.4.6 is OK as there are very few changes (and adding the list of commits). Indeed if there had been too many changes, a backport of the security fix could have been preferable. But here, a bump is fine. Thanks a lot for this contribution! Thomas
>>>>> "Clement" == Clement Ramirez <ramirez.clement3@gmail.com> writes: > Fixes CVE-2023-34241 (see [0] for details) > [0] https://github.com/OpenPrinting/cups/releases/tag/v2.4.6 > Signed-off-by: Clement Ramirez <ramirez.clement3@gmail.com> Committed to 2023.02.x and 2023.05.x, thanks.
diff --git a/package/cups/cups.hash b/package/cups/cups.hash index cc6fe25446..501d8c12a6 100644 --- a/package/cups/cups.hash +++ b/package/cups/cups.hash @@ -1,4 +1,4 @@ # Locally calculated: -sha256 209259e8fe8df9112af49f4e5765f50dad6da1f869296de41d6eaab1b98003cb cups-2.4.4-source.tar.gz +sha256 58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262 cups-2.4.6-source.tar.gz sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 LICENSE sha256 5320b6e3c252423e4153eb2dd63e57e3b630afb21139f44e43b02d85fe33e279 NOTICE diff --git a/package/cups/cups.mk b/package/cups/cups.mk index 7bbea9a218..a3bb2f8dfc 100644 --- a/package/cups/cups.mk +++ b/package/cups/cups.mk @@ -4,7 +4,7 @@ # ################################################################################ -CUPS_VERSION = 2.4.4 +CUPS_VERSION = 2.4.6 CUPS_SOURCE = cups-$(CUPS_VERSION)-source.tar.gz CUPS_SITE = https://github.com/OpenPrinting/cups/releases/download/v$(CUPS_VERSION) CUPS_LICENSE = Apache-2.0 with GPL-2.0/LGPL-2.0 exception
Fixes CVE-2023-34241 (see [0] for details) [0] https://github.com/OpenPrinting/cups/releases/tag/v2.4.6 Signed-off-by: Clement Ramirez <ramirez.clement3@gmail.com> --- package/cups/cups.hash | 2 +- package/cups/cups.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)