CHANGES IN CUPS V1.3.10
+ - The scheduler now rejects ATTR: messages with empty values.
+ - The scheduler could consume all CPU handling closed connections
+ (STR #2988)
+ - The scheduler now protects against DNS rebinding attacks on
+ localhost.
- SECURITY: The PNG image reading code did not validate the
image size properly, leading to a potential buffer overflow
(STR #2974)