cups: fix CVE-2026-27447

Return-Path: <abhishek.bachiphale@windriver.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id F21E1FF8868
	for <webhook@archiver.kernel.org>; Tue, 28 Apr 2026 11:41:33 +0000 (UTC)
Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com
 [205.220.178.238])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.11372.1777376487450661280
 for <openembedded-core@lists.openembedded.org>;
 Tue, 28 Apr 2026 04:41:27 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="dkim: body hash did not verify" header.i=@windriver.com
 header.s=PPS06212021 header.b=hrJR0pLl;
 spf=permerror,
 err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}:
 invalid domain name (domain: windriver.com, ip: 205.220.178.238,
 mailfrom: prvs=95788289a8=abhishek.bachiphale@windriver.com)
Received: from pps.filterd (m0250812.ppops.net [127.0.0.1])
	by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id
 63SA3gS23814829
	for <openembedded-core@lists.openembedded.org>; Tue, 28 Apr 2026 11:41:26 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com;
	 h=content-transfer-encoding:content-type:date:from:message-id
	:mime-version:subject:to; s=PPS06212021; bh=mlDYVjxhc/Jq3xwZT310
	nOfZTewhdzHyVCzJZRO29QY=; b=hrJR0pLla0omahPO2kJgajJnWc07NOYjZWer
	14/H4edeh9gnO6dN11j5GVp9CH0Jf0tq3VuMJiXBF8vq6W3FHOSRCpMPvCmqOZFe
	U4eZhUMO6v3R8PlH9Vz7iPSlfCJViYtg2IEyslpCL7aHK7lAYW4Qllspb1wGL1xE
	YDDf8hB/kDMsdfjfhUk28NhhLad/ZcAQP3j6i8dh8crQNvGeE3Z0pTjsORoKNpJV
	3W0vLEWKgGAH6KmJWfCvPM5tR8itwDxyJU2wDLEfhL40yMULVg3iv0kB1DjbFHR6
	Tqdrqxb/smljdVGB+anKgT4/QZwnF+yUU/2qBz7sOreVhAtV6w==
Received: from co1pr03cu002.outbound.protection.outlook.com
 (mail-westus2azon11010063.outbound.protection.outlook.com [52.101.46.63])
	by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4drmk6ubm9-1
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT)
	for <openembedded-core@lists.openembedded.org>;
 Tue, 28 Apr 2026 11:41:26 +0000 (GMT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=DeYtDW/ePXcL384sCzXk4OmJZI0rPBrbiMMxuaXzbDndFJV71zSdlC4ttcuQwyXudFCAR0+35MkiA+Ym75+/8alsKe48y5AkfCUG5r7R1cypBab4LEU0Pl/9ocY4BQb+YtHM8+W33Pfl1gZpC7pwF8ljzqTfTJSTUthr0UTYARXE6aYAUdlBuAz6t6EG4GM0A3s+48meHUd93uCX9dZ6z06exiQ2Ke67cErx6s4ZpzrwjrYOsdigjZkzV2ni1bQXP+K7wI13ytPdFNUCuQ9dlujGORuylQbqxSzQjoZP2QEU/xK+NBeYFfZYUcuQc7w2VQZf2yVsNL+bccQTfWWMow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=mlDYVjxhc/Jq3xwZT310nOfZTewhdzHyVCzJZRO29QY=;
 b=c95G6ANoh3tomPQga+LN+lS7wuOXnqvCzUgn6QhgEceV/AuFXRt3C29nO007Voe8o0QRrXrc72hpgUQRVPyPd2HhWniVIAbBKiYQYjO68gRDBqPQpndH121O3WoyLMj6UB29S0w8H0EpjEcsuskgAhj5tu0Gh8ny214pQWACy2gs/0Gs4NxQZugF8Xew3pRTcPUfgxtWgmTheA3+FCvG1A1fxRFTzIqQ0yk6GG7sxBp2o0hYYP5PGxVETmtB86bVhzWSh+pgfr3yungdiRZ84X0D5KpZj/gRIJsuPIrTpZavRfiQ1r/RLOMs9Ncdoj6LWhHc9CbizDQaGO48VdOdFA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=windriver.com; dmarc=pass action=none
 header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none
Received: from IA0PR11MB8399.namprd11.prod.outlook.com (2603:10b6:208:48d::9)
 by DSVPR11MB9889.namprd11.prod.outlook.com (2603:10b6:8:45d::8) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9870.18; Tue, 28 Apr
 2026 11:41:23 +0000
Received: from IA0PR11MB8399.namprd11.prod.outlook.com
 ([fe80::ea10:3d10:93bf:f83c]) by IA0PR11MB8399.namprd11.prod.outlook.com
 ([fe80::ea10:3d10:93bf:f83c%6]) with mapi id 15.20.9870.016; Tue, 28 Apr 2026
 11:41:23 +0000
From: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][PATCH] cups: fix CVE-2026-27447
Date: Tue, 28 Apr 2026 17:10:53 +0530
Message-Id: <20260428114053.3136319-1-Abhishek.Bachiphale@windriver.com>
X-Mailer: git-send-email 2.40.0
Content-Type: text/plain; charset=yes
X-ClientProxiedBy: TYCP286CA0364.JPNP286.PROD.OUTLOOK.COM
 (2603:1096:405:79::8) To IA0PR11MB8399.namprd11.prod.outlook.com
 (2603:10b6:208:48d::9)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: IA0PR11MB8399:EE_|DSVPR11MB9889:EE_
X-MS-Office365-Filtering-Correlation-Id: 3bfe88ca-f92c-48ae-75c4-08dea51b12c0
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|366016|52116014|376014|1800799024|56012099003|18002099003|38350700014|13003099007;
X-Microsoft-Antispam-Message-Info: 
	/elmdi1t4ZDdUl2WlUxpwTj3HtQlguRY0sNqMdOM4q1V8aujE3uimKMDrkeM4ijlEmaqCwfmyLn7BC53/34mT5bKIAQ+URP4oPZFM549UVd1wnV7yKQRBRepYlCwH7Oscy1ux/q1tafqYz8khyvPUF8ka65A2oPfSpDa3qxviSrvMzp+jeNmzNqMLPasP5TN3q/KD658z/2wVPxbr8K0kacVt48vh9BRulyZaZEX+qKIP0v0WzorldPfBCVreg4SPlPfHqLfoyCpn6JR0woinakyoOHpOy2LWAScCRoQOggpW1CQ9D0MR24KhmLUaaujk/pDmiJhLbrAeeZ9LK+qxA8utDB3+kWahHbp2nKAqoRhpS3fsHOYqto8M+GSoRu81JjvHpCyhPgEMkH2/W6m9cWOKIYYKpkxRCnPYaQLFkMuufLscWjCJFmDktYWRmzE0y7F9hboFAR67kU/lHQAEmiNsJ97nesub4KuETJK8WdkDN3BGqHhgnsTuRHz/YAN6yw44CyF0jxZpKArF8aur0xkGWi3ZE6PObz82xL9HMYEFpWN6iK1Tw0eF6NvyLCCm+3pr3wvA16rh9dvDzbYcqIp2wXnXSvrsdXyOBumGPROhQI1ac5ewG5fD8kYuYqkXzCKAk9YNp/F6u7sGs9LVS8ikbLrHIa4hcuxDUrq2gs3BqpQVcbksYAv2ZdD+mGEGX2IFplxnZBmre4bu7mOwCelOLfslMDDFO0SZ66cFOGzESpcUawVJX6cL86dI0IOUSm3ReZk3bwrH0OTPqwson3CUW9Mi34fiHDwKLH9AcqMYcX9sy3CNVBYhFtvyFux
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA0PR11MB8399.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(52116014)(376014)(1800799024)(56012099003)(18002099003)(38350700014)(13003099007);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 DP70XlhAZdc8I6Y8ZRlNmKF2QYZo7bNIv+SzEC1m8lkqi4VfBaEsohE1uOBpzaMMvKRJ5iWeKQQQwN4ZPT4K6pjbZATdnRn09qQL6PvhCP7QNsjA3tfv+6rpzIsnFxyWY42POxn/UARUA9V7K+1QV2e0qk4Ai8/g2EMfp55m8KuT6gcii23nSKD2y/SCpeMzMLa//BnsmCKW/ksTsnGwrvfesLQm6k4xZ5AQocX1+B55Lr8ZtJl61FolciPTFFxQTn3+6t867zfy0rIHPNIxeWaF6k4AAoXNx9gZbZDpKGPBPcPawqYs1M/XNNRolOqJTn7kk0Em4zoU0bmRXedpqj/9FQ1twnOQ3jsBYQn3fgifTI5QgTYSdQIcEAtcCSAeyKGP3o7n56GexsU2LiTGZB1EyJj9e5UaGPfcu8JgHzesEvAyKvYX0iHiA28KXoq8/f0Y/HwbT9ljuzgsZklEbH58QbqUUKR/Q2eOWhXK8XdUhA0m2lZRAMAlKUtIE/0M0mx8BulnU+Sz9fkol1rnxrKQnCL21R63s6DfApvPfKx0qsJ6PZ99k3PQqLH2tMvejTbTeBtKco/wcK7Ff2IuJt4uDhi36yV+nzU+oLMVW5eI5qlw+0yab4VVpxbIxP1wkPXr1Ni3l0TNLRJ0np54pqIjWacjOhsD70mM7PdFpXKxM4ZuDNy4nGalAE5uhMU/Mynxo/k9EzM/3pK/FfgKy5olITWME1H/BlpKAgnAkJ0MVZJSO7Jb4/pOYw1oSpEuKy8f6S9UB9uT8cCzzwpqDZCUOd59/eYsnU495zbwctqNRnfWiCo0JK25/dh8CWA5Gki2m9I9zZTke+78381/scNqJx8PFP2hQ9v1R7RdAvSuezrr/5s6GOouOQcF6gB1R0oPS6THhQFf54zU1i02qQzSjaRIkkZ3rl39zpFTJA6MdJF2NBWZFYGmRDkmBEV09UCxMoXGPyA1nlVj+xhC9NVozm7u3PxtWTRCi10244cAsJo6NJixE2FJFd+pN0FEKcAZAJGTQPf1AUaZduVvDdRU2pQso+Bn/+0n6nFcEU8lCdx/cefa/A9YcQ3m7QEG3hFvUAlaw4i1AzzUQIyXNtUQX+dOtC+1SZZaQbBySMqPDkcgXlofoflW5Bq87V4ck1UoSkgfoFzT/+wdVgJXGTSz26XOaAGiS9/Y0xm6Z0c9zK0n+OXvc9p0Q7y6hpY8+Wq73W1IKqIXQFQE/NzdQQrRPkM6IyKFi+SYbxBqK2VqPMRxtFKb04vV/KkIve8l/tPGmu9O/oO4wXvYE2McHhKs6vCHMWo52inVCNH2ib9qUW2qMggXLFz0tvBbbhyS6qtyADwx9N84dP/g7ZE7kjAEhtlAVtx2PuoFStVRjj9Y+gRYkTsemVo4L13IVfYS3Ivq2u3YYXWJr2aqMRJTf5Adqj5VrqwDkLh6QlFyI+mm4+DdlieUijzNvnfr0Idf+9VpJDBc+tgFHfsnHTDR7DnD031RCz3BwfbTpfkwNCZ0y/k1AR8X/YFbg41iwdX5Zyp1XwIzjlX/YShb2+r5DskISUz/hX6z+tcW1ZFj8nvRgui36jwZm6LJDOC3FYo0BWgi4NQ6+W79pxoEC1pUvMNf1G2ZrhucgROQvGqUwKQ6I4ruwgGYnnTWhbPo6RUEgH3rWcBnNPoYwIx3vlM4+Yn8PMnUx3y+49hlSv9N7jPCo3CQEaxb3PtllKrvAxdPjvRCf1VCoCOYN6iv8lmbnVz2va5RwYcGx9Y9nPYkjO9iecFvkp3bC1mWt0yVGTjF
X-Exchange-RoutingPolicyChecked: 
	UgBFxRfZtbroN0Vnmede4yPwvkZE7eYT828V0YN7c3Vy8gDl42ZKvvhdRPqloQulAYK8E5h7x5WN9gMl3f1JBG2pzeI+AaP/at2RZc2ldAKONZRN9UDRSAwvgzuJ7xF6arx+hZbNWrBTRZptU+U+41AvL75u9gkBqlYye9T8R9ykWzg6lX2iMILUJQP7ga9ekBA/U8r/Awq5SZs2TQQ8BN0BGArG3Yg/GhkcP6oc9BbOnK6Vst1Y0ZKKugBFFicziANfAzavVU2q/F+iPHXpdX8+G77W0otHIPSTGMsFW0TGHpFTbKsGzlQHTFjDD1ONV01TW1on/8H/HE9bjoW/8A==
X-OriginatorOrg: windriver.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 3bfe88ca-f92c-48ae-75c4-08dea51b12c0
X-MS-Exchange-CrossTenant-AuthSource: IA0PR11MB8399.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Apr 2026 11:41:23.2448
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 sA3tSJOz5SPhgNE1GEJEmHy9aow8meC/CppRDvwUH8TZyiz9AtHem6I1TWxKLYqSDeWUD/TPyggg+o/YmSRVM9ZtW1uRvjQTse3u+1DM1LYIdOlqqgv61qFVvK1gOWdk
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DSVPR11MB9889
X-Proofpoint-ORIG-GUID: pJjiBtsioCejpYwBuAT90TgaYXyBx2c-
X-Proofpoint-GUID: pJjiBtsioCejpYwBuAT90TgaYXyBx2c-
X-Authority-Analysis: v=2.4 cv=RN6D2Yi+ c=1 sm=1 tr=0 ts=69f09ce6 cx=c_pps
 a=lvbo/KN+lEuTaduVXZ84Bg==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19
 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19
 a=xqWC_Br6kY4A:10 a=WN52PlUurRMA:10 a=A5OVakUREuEA:10
 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=fTW__CHxibyLmBMfj2wP:22
 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=F_ubicZDAAAA:20 a=t7CeM3EgAAAA:8
 a=_cb5lnDNjOrN61fj1-0A:9 a=3ZKOabzyN94A:10 a=xE34mhsjmDcA:10
 a=FdTzh2GWekK77mhwV6Dw:22 a=bA3UWDv6hWIuX7UZL3qL:22
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDI4MDEwNSBTYWx0ZWRfX2FfeNci8CFVy
 XDr6vJivEcHOO/mgXDwMFs9sfPf3uA/Bk2GLqlS9mbRT/zOwGvceX7NiIX/HuVMlnUdjUgaJDMa
 sKwv+hPtXHDvaZ+EMoNI/vVQskFLRO+cpEnzYZ3e6/YizWBIYp6unD0Fqh2+Kpf9DOSRmY7Mw5t
 zw78VQ5y56UbngXtxv3I6Uyn1ILk3TXi2hef6cDpsoQJnjxQmC+wBUhkUp8GyjiRn037IQJYjy3
 ek8jFh7R0L6UCGiAOyiq48WnvJCLYYunwgOf90aO2NgDBR3NIh/xVYFgj+wJs78vm2XdMg96cjI
 ywTK5LKDf6N2zvjcWeT9gLe4udpHfl7Yf4L4hwV0felID/ihyUkYprZ1p7EG4Sq3Ka2lu3QEHfL
 4+CFZIMo9eXfIGWfc0QIjT7/QLTNihoGyy5DDoCcfl4ODY76egoUzkAo8HF5ZfHkCwBqVmd/Hbz
 3X5L/6wDIZtu1exZ+/Q==
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49
 definitions=2026-04-28_03,2026-04-21_02,2025-10-01_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 phishscore=0 adultscore=0 priorityscore=1501 suspectscore=0 spamscore=0
 lowpriorityscore=0 bulkscore=0 clxscore=1011 impostorscore=0 malwarescore=0
 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0
 reason=mlx scancount=1 engine=8.22.0-2604200000 definitions=main-2604280105
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by
 mx0a-0064b401.pphosted.com id 63SA3gS23814829
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 28 Apr 2026 11:41:33 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/236055