-CHANGES - 2.2.13 - 2019-12-04
+CHANGES - 2.2.13 - 2019-12-13
=============================
Changes in CUPS v2.2.13
-----------------------
+- CVE-2019-2228: The `ippSetValuetag` function did not validate the default
+ language value.
- Added a workaround for the scheduler's systemd support (Issue #5640)
- Fixed spelling of "fold-accordion".
- Fixed the default common name for TLS certificates used by `ippserver`.
return (0);
if (ipp->attrs && ipp->attrs->next && ipp->attrs->next->name &&
- !strcmp(ipp->attrs->next->name, "attributes-natural-language"))
+ !strcmp(ipp->attrs->next->name, "attributes-natural-language") && (ipp->attrs->next->value_tag & IPP_TAG_CUPS_MASK) == IPP_TAG_LANGUAGE)
{
/*
* Use the language code from the IPP message...