From 817fbf37bfdbdaa6ec78931055244ed6c29d3b7b Mon Sep 17 00:00:00 2001 From: Tijl Coosemans Date: Tue, 16 Sep 2025 16:51:39 +0200 Subject: [PATCH] security/vuxml: Merge 2 entries for CUPS Reported by: osa --- security/vuxml/vuln/2025.xml | 51 +++++++++--------------------------- 1 file changed, 12 insertions(+), 39 deletions(-) diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 632514941d84..8dfef9ff433b 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,36 +1,3 @@ - - CUPS -- multiple vulnerabilities - - - cups - 2.4.13 - - - - -

OpenPrinting reports:

-
-

When the AuthType is set to anything but Basic, if the request contains an - Authorization: Basic ... header, the password is not checked.

-
-
-

An unsafe deserialization and validation of printer attributes, causes null - dereference in libcups library.

-
- - - - CVE-2025-58060 - CVE-2025-58364 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq - https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4 - - - 2025-09-11 - 2025-09-16 - - - unit-java -- security vulnerability @@ -69,21 +36,27 @@ -

SO-AND-SO reports:

-
-

The release 2.4.13 brings two CVE fixes - fix for important CVE-2025-58060 - and fix for moderate CVE-2025-58364, together with several bug fixes.

+

OpenPrinting reports:

+
+

When the AuthType is set to anything but Basic, if the request contains an + Authorization: Basic ... header, the password is not checked.

+
+
+

An unsafe deserialization and validation of printer attributes, causes null + dereference in libcups library.

CVE-2025-58060 CVE-2025-58364 - https://github.com/OpenPrinting/cups/releases/tag/v2.4.13 + https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq + https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4 - 2025-09-12 + 2025-09-11 2025-09-12 + 2025-09-16