Insufficient restriction of IPP filters in CUPS allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue. Upstream patch: https://github.com/apple/cups/commit/07428f6a640ff93aa0b4cc69ca372e2cf8490e41