<html><body style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; font-size: 12px;">During yesterday's routine apt-get update / apt-get upgrade I received the following terminal message:<br /><br />cups (1.4.4-7+squeeze2) stable-security; urgency=high<br /><br /> In order to mitigate a privilege escalation from the lpadmin to root<br /> (CVE-2012-5519), the /etc/cups/cupsd.conf configuration file is split<br /> in two configuration files:<br /><br /> * /etc/cups/cupsd.conf can be edited by members of the lpadmin group<br /> through the cups web interface;<br /> * /etc/cups/cups-files.conf can only be edited by root;<br /><br /> Many sensitive configuration statements can now only be set in<br /> cups-filesconf. No statements have been moved automatically. Please<br /> check the respective manpages.<br /><br /> -- Didier Raboud <odyx@debian.org> Sat, 29 Dec 2012 12:33:27 +0100<br /><br />/tmp/tmpn8ZR_9 (END)<br /><br /><br />I run Debian Squeeze. What action have other members taken?<br /><br /><br />Best Regards,<br />Fay<br />East Grinstead Linux User Group<br />www.eglug.org.uk<br /><br /></body></html>