Version in base suite: 2.3.3op2-3+deb11u2

Base version: cups_2.3.3op2-3+deb11u2
Target version: cups_2.3.3op2-3+deb11u3
Base file: /srv/ftp-master.debian.org/ftp/pool/main/c/cups/cups_2.3.3op2-3+deb11u2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/c/cups/cups_2.3.3op2-3+deb11u3.dsc

 changelog                         |   11 +++++++
 patches/0017-CVE-2023-32324.patch |   29 +++++++++++++++++++
 patches/0018-CVE-2023-34241.patch |   57 ++++++++++++++++++++++++++++++++++++++
 patches/series                    |    2 +
 4 files changed, 99 insertions(+)

diff -Nru cups-2.3.3op2/debian/changelog cups-2.3.3op2/debian/changelog
--- cups-2.3.3op2/debian/changelog	2022-05-23 20:03:02.000000000 +0000
+++ cups-2.3.3op2/debian/changelog	2023-06-24 08:54:05.000000000 +0000
@@ -1,3 +1,14 @@
+cups (2.3.3op2-3+deb11u3) bullseye; urgency=medium
+
+  * CVE-2023-34241 (Closes: #1038885)
+    use-after-free in cupsdAcceptClient()
+
+  * CVE-2023-32324
+    A heap buffer overflow vulnerability would allow a remote attacker to 
+    lauch a dos attack.
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Sat, 24 Jun 2023 10:54:05 +0200
+
 cups (2.3.3op2-3+deb11u2) bullseye-security; urgency=high
 
   * CVE-2022-26691
diff -Nru cups-2.3.3op2/debian/patches/0017-CVE-2023-32324.patch cups-2.3.3op2/debian/patches/0017-CVE-2023-32324.patch
--- cups-2.3.3op2/debian/patches/0017-CVE-2023-32324.patch	1970-01-01 00:00:00.000000000 +0000
+++ cups-2.3.3op2/debian/patches/0017-CVE-2023-32324.patch	2023-06-24 08:54:05.000000000 +0000
@@ -0,0 +1,29 @@
+From: Thorsten Alteholz <debian@alteholz.de>
+Date: Wed, 31 May 2023 23:20:58 +0200
+Subject: CVE-2023-32324
+
+---
+ cups/string.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/cups/string.c b/cups/string.c
+index 93cdad1..1f81d60 100644
+--- a/cups/string.c
++++ b/cups/string.c
+@@ -1,6 +1,7 @@
+ /*
+  * String functions for CUPS.
+  *
++ * Copyright © 2023 by OpenPrinting.
+  * Copyright © 2007-2019 by Apple Inc.
+  * Copyright © 1997-2007 by Easy Software Products.
+  *
+@@ -729,6 +730,8 @@ _cups_strlcpy(char       *dst,		/* O - Destination string */
+ {
+   size_t	srclen;			/* Length of source string */
+ 
++  if (size == 0)
++    return (0);
+ 
+  /*
+   * Figure out how much room is needed...
diff -Nru cups-2.3.3op2/debian/patches/0018-CVE-2023-34241.patch cups-2.3.3op2/debian/patches/0018-CVE-2023-34241.patch
--- cups-2.3.3op2/debian/patches/0018-CVE-2023-34241.patch	1970-01-01 00:00:00.000000000 +0000
+++ cups-2.3.3op2/debian/patches/0018-CVE-2023-34241.patch	2023-06-24 08:54:05.000000000 +0000
@@ -0,0 +1,57 @@
+From: Thorsten Alteholz <debian@alteholz.de>
+Date: Sat, 24 Jun 2023 19:51:21 +0200
+Subject: CVE-2023-34241
+
+---
+ scheduler/client.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/scheduler/client.c b/scheduler/client.c
+index 9730eea..48e19b9 100644
+--- a/scheduler/client.c
++++ b/scheduler/client.c
+@@ -192,13 +192,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+    /*
+     * Can't have an unresolved IP address with double-lookups enabled...
+     */
+-
+-    httpClose(con->http);
+-
+     cupsdLogClient(con, CUPSD_LOG_WARN,
+-                    "Name lookup failed - connection from %s closed!",
++                    "Name lookup failed - closing connection from %s!",
+                     httpGetHostname(con->http, NULL, 0));
+ 
++    httpClose(con->http);
+     free(con);
+     return;
+   }
+@@ -234,11 +232,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+       * with double-lookups enabled...
+       */
+ 
+-      httpClose(con->http);
+-
+       cupsdLogClient(con, CUPSD_LOG_WARN,
+-                      "IP lookup failed - connection from %s closed!",
++                      "IP lookup failed - closing connection from %s!",
+                       httpGetHostname(con->http, NULL, 0));
++
++      httpClose(con->http);
+       free(con);
+       return;
+     }
+@@ -255,11 +253,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+ 
+   if (!hosts_access(&wrap_req))
+   {
+-    httpClose(con->http);
+-
+     cupsdLogClient(con, CUPSD_LOG_WARN,
+                     "Connection from %s refused by /etc/hosts.allow and "
+ 		    "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
++
++    httpClose(con->http);
+     free(con);
+     return;
+   }
diff -Nru cups-2.3.3op2/debian/patches/series cups-2.3.3op2/debian/patches/series
--- cups-2.3.3op2/debian/patches/series	2022-05-23 20:03:02.000000000 +0000
+++ cups-2.3.3op2/debian/patches/series	2023-06-24 08:54:05.000000000 +0000
@@ -14,3 +14,5 @@
 0014-Debian-Reproducibility-Run-testlang-for-each-provide.patch
 0015-Debian-po4a-infrastructure-and-translations-for-manp.patch
 0016-Fix-certificate-comparison-CVE-2022-26691.patch
+0017-CVE-2023-32324.patch
+0018-CVE-2023-34241.patch