Changes in CUPS v1.4.2:
- SECURITY: The CUPS web interface was vulnerable to several XSS and HTTP header/body attacks via attribute injection (Issue #3367, Issue #3401)
- Fixed localization errors (Issue #3359, Issue #3372, Issue #3380, Issue #3387)
- The documentation for classes.conf and printers.conf did not provide the correct instructions for manual changes (Issue #3351)
- The scheduler did not always rebuild printer cache files when the driver was changed (Issue #3356)
- The documentation makefile failed to install localizations when using newer versions of Bash (Issue #3360)
- The configure script did not use the --with-xinetd value for the default LPD configuration path (Issue #3347)
- The configure script incorrectly required glib for DBUS support (Issue #3346)
- The cupstestppd program incorrectly reported filters with bad permisssions as missing (Issue #3363)
- The cups.desktop file used the wrong locale names (Issue #3358)
- cupsSideChannelRead() did not return an error for short reads.
- The installed PAM configuration file did not use the correct options with the pam_unix2 module (Issue #3313)
- The scheduler did not preserve default options that contained special characters (Issue #3340)
- The scheduler did not remove old pre-filters when updating a printer driver (Issue #3342)
- The HP/GL-2 filter did not check for early end-of-file (Issue #3319)
- The USB backend did not compile on some platforms (Issue #3332)
- cupsSideChannelSNMPWalk() could go into an infinite loop with broken SNMP implementations.