]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
cups: fix CVE-2022-26691
authorSteve Sakoman <steve@sakoman.com>
Mon, 13 Jun 2022 16:11:15 +0000 (06:11 -1000)
committerSteve Sakoman <steve@sakoman.com>
Mon, 13 Jun 2022 16:11:15 +0000 (06:11 -1000)
commitcc657868d31cc8b4218a07aa10fa098c379e473c
tree73d87e99171e33a36cbef0744a6d070d1492af86
parent7e056e79a5acce8261cb5124c172cc40ad608b82
cups: fix CVE-2022-26691

In scheduler/cert.c the previous algorithm didn't expect the strings can
have a different length, so one string can be a substring of the other
and such substring was reported as equal to the longer string.

Backport patch from upstream to fix:
https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444

CVE: CVE-2022-26691

Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/cups/cups.inc
meta/recipes-extended/cups/cups/CVE-2022-26691.patch [new file with mode: 0644]