user/sane: multiple vulnerabilities
Bugzilla ID | 294 |
Alias(es) | CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-06-01 11:58:05 -0500 |
Modified | 2020-07-08 15:02:59 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Package(s) | user/sane |
URL | https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html |
See also | https://bts.adelielinux.org/show_bug.cgi?id=304 |
Description
epson2
: fixes CVE-2020-12867 (GHSL-2020-075) and several memory
management issues found while addressing that CVE

epsonds
: addresses out-of-bound memory access issues to fix
CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083),
addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084)
and disables network autodiscovery to mitigate CVE-2020-12866
(GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864
(GHSL-2020-081). Note that this backend does not support network
scanners to begin with.

magicolor
: fixes a floating point exception and uninitialized data read

- fixes an overflow in sanei_tcp_read()
Fixed in >= 1.0.30