cups (1.4.4-7+squeeze2) stable-security; urgency=high

  In order to mitigate a privilege escalation from the lpadmin to root
  (CVE-2012-5519), the /etc/cups/cupsd.conf configuration file is split
  in two configuration files:

  * /etc/cups/cupsd.conf can be edited by members of the lpadmin group
    through the cups web interface;
  * /etc/cups/cups-files.conf can only be edited by root;

  Many sensitive configuration statements can now only be set in
  cups-files.conf. No statements have been moved automatically. Please
  check the respective manpages.

 -- Didier Raboud <odyx@debian.org>  Sat, 29 Dec 2012 12:33:27 +0100