cups

• Author: kikadf
• Vulnerable: 1.6.1-3arcturus2
• Unaffected: 1.6.1-3arcturus3

Francisco Alonso discovered that the CUPS web interface incorrectly validated permissions on rss files.

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537