Recently I updated CUPS in Fedora 9 and 10 to version 1.3.10. One big change in CUPS 1.3.10 is in the filter for converting PDF documents to PostScript: it has been completely reimplemented. This sounds like a lot of work but in fact it is now a very simple wrapper program.
Prior to 1.3.10 it was based on Xpdf but with some changes to make it work as a CUPS filter. This meant that every PDF security vulnerability had to be fixed separately in both Xpdf and in CUPS’s pdftops program, not to mention all the other PDF implementations (ghostscript, poppler, etc).
The new CUPS PDF filter just runs the pdftops program that comes with poppler, or alternatively ghostscript depending on the CUPS build configuration (in Fedora we use poppler for this).
In future if any new PDF security vulnerabilities are discovered, CUPS in Fedora will not need to be patched for them. Yay!