Looks like a CERT dropped an exploit for CUPS ahead of the deadline, so it has been disclosed earlier than intended.
Definitely don't expose CUPS UDP port 631 to the Internet, and remove foomatic if you don't need it.
Debian already restricted CUPS web stuff to localhost by default, but you may still have work to do.
cups-browsed can go; you can manually add printers.
Assume anyone with network access to CUPS can admin your print server, and respond accordingly.
Then expect patches...
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
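
A quick way to check a host against the advice above, as an added example that is not part of the original post: it flags UDP listeners on port 631 that are bound beyond loopback and reports whether cups-browsed is running. The function names `exposed_631` and `audit_host` are hypothetical, the sample `ss` lines are constructed, and the live check assumes iproute2 `ss` and systemd.

```shell
#!/bin/sh
# Added example: find UDP port 631 listeners that are reachable from the network.

# Reads `ss -H -uln` style lines on stdin and prints every local address
# that listens on port 631 and is NOT bound to loopback only.
exposed_631() {
  awk '{
    i = ($1 == "udp") ? 5 : 4            # skip the Netid column when present
    local = $i
    port = local; sub(/^.*:/, "", port)     # text after the last colon
    addr = local; sub(/:[^:]*$/, "", addr)  # text before the last colon
    if (port != "631") next
    if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next   # loopback only
    print local
  }'
}

# Live check of this machine (assumes iproute2 and systemd are present).
audit_host() {
  if command -v ss >/dev/null 2>&1; then
    hits=$(ss -H -uln | exposed_631)
    if [ -n "$hits" ]; then
      echo "UDP 631 is bound beyond loopback:"
      echo "$hits"
    fi
  fi
  if command -v systemctl >/dev/null 2>&1 &&
     systemctl is-active --quiet cups-browsed; then
    echo "cups-browsed is running; stop and disable it if you add printers manually"
  fi
  return 0
}

# Constructed sample of `ss -H -uln` output (not captured from a real host).
SAMPLE='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:631 0.0.0.0:*
UNCONN 0 0 [::1]:631 [::]:*
udp UNCONN 0 0 [::]:631 [::]:*
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*'

echo "Exposed listeners in the constructed sample:"
printf '%s\n' "$SAMPLE" | exposed_631

# Pass --live to check the machine the script runs on.
if [ "${1:-}" = "--live" ]; then audit_host; fi
```

A clean result here only says nothing on the host itself listens on UDP 631 beyond loopback; firewall rules and other hosts on the network still need their own check.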