PublicDate: 2008-08-14 20:41:00 UTC
Candidate: CVE-2008-2940
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2940
 https://ubuntu.com/security/notices/USN-674-1
Description:
 The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP)
 1.6.7 allows local users to gain privileges and send e-mail messages from
 the root account via vectors related to the setalerts message, and lack of
 validation of the device URI associated with an event message.
Ubuntu-Description:
Notes:
 mdeslaur> code was removed in upstream 2.8.5
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_hplip:
 vendor: http://www.mandriva.com/security/advisories?name=MDVSA-2008:169
 vendor: http://www.redhat.com/support/errata/RHSA-2008-0818.html
upstream_hplip: needs-triage
dapper_hplip: released (0.9.7-4ubuntu1.1)
feisty_hplip: needed (reached end-of-life)
gutsy_hplip: released (2.7.7.dfsg.1-0ubuntu5.1)
hardy_hplip: released (2.8.2-0ubuntu8.1)
intrepid_hplip: not-affected (2.8.7-0ubuntu6)
devel_hplip: not-affected (2.8.7-0ubuntu6)