oss-sec mailing list archives
Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient()
From: Solar Designer <solar () openwall com>
Date: Fri, 23 Jun 2023 17:02:42 +0200
On Thu, Jun 22, 2023 at 12:02:39PM +0200, Zdenek Dohnal wrote:
there is currently the embargoed CVE-2023-34241 in CUPS project:
Of course, this wasn't actually embargoed anymore at that time - Zdenek simply resent the exact same message he had sent to the distros list on June 13, when the issue was in fact still embargoed. Similarly, the previous CUPS vulnerability disclosure on June 1 was a copy of the distros message from May 23: https://www.openwall.com/lists/oss-security/2023/06/01/1 Let's be updating these when posting them publicly going forward to avoid confusion - like "was this published inadvertently when still under embargo?" (luckily, no). Alexander
Current thread:
- CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Zdenek Dohnal (Jun 22)
- Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Solar Designer (Jun 23)
- Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Zdenek Dohnal (Jun 26)
- Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Solar Designer (Jun 23)